
784 matches found

Cisco
added 2021/01/20 4:0 p.m. · 61 views

Cisco SD-WAN vManage Authorization Bypass Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not...

CVSS 8.8 · AI score 6.8 · EPSS 0.0196
Exploits 0 · References 1

Positive Technologies
added 2021/01/20 12:0 a.m. · 4 views

PT-2021-1857 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified)
Description: The issue concerns multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software. An authenticated, remote attacker could bypass...

CVSS 8.8 · AI score 7.2 · EPSS 0.01616
Exploits 0 · References 5

NCSC
added 2020/12/22 12:0 a.m. · 17 views

Serious vulnerabilities fixed in Dell Wyse ThinOS

Vulnerabilities have been fixed in Dell Wyse ThinOS. A malicious person with access to a local FTP server could exploit the vulnerabilities to obtain sensitive information. The malicious party, by accessing this information and the ability to modify configuration files, the entire system. Dell ha...

CVSS 10 · AI score 6.6 · EPSS 0.01848
Exploits 0

Talos
added 2020/12/16 12:0 a.m. · 52 views

Lantronix XPort EDGE Web Manager CSRF vulnerability

Summary: An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Test...

CVSS 4.8 · AI score 5.1 · EPSS 0.00589
Exploits 0

Prion
added 2020/11/24 6:15 p.m. · 22 views

Cross site request forgery (csrf)

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration...

CVSS 6.8 · AI score 8.7 · EPSS 0.00542
Exploits 1 · References 2 · Affected Software 1

Tenable Nessus
added 2020/11/10 12:0 a.m. · 31 views

Cisco SD-WAN vManage Software Authorization Bypass (cisco-sa-vmanuafw-ZHkdGGEy)

According to its self-reported version, Cisco SD-WAN vManage is affected by an authentication bypass vulnerability in its web-based management interface due to insufficient authorization checks. An authenticated, remote attacker can exploit this, by sending specially crafted HTTP requests, to...

CVSS 6.5 · AI score 7.2 · EPSS 0.00786
Exploits 3 · References 3

OSV
added 2020/11/06 7:15 p.m. · 3 views

CVE-2020-3592

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

CVSS 6.5 · AI score 7.3 · EPSS 0.00786
Exploits 3 · References 1

Prion
added 2020/11/06 7:15 p.m. · 22 views

Authorization

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

CVSS 4 · AI score 7.2 · EPSS 0.00786
Exploits 3 · References 1 · Affected Software 2

CNVD
added 2020/11/04 12:0 a.m. · 5 views

Unspecified Vulnerability in Cisco Firepower Management Center and Cisco Firepower Threat Defense

Cisco Firepower Management Center and Cisco Firepower Threat Defense are both products of Cisco Corporation. Cisco Firepower Management Center is a next-generation firewall management center software. Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall...

CVSS 8.1 · AI score 6.7 · EPSS 0.00932
Exploits 0 · References 1

OSV
added 2020/10/08 5:15 a.m. · 3 views

CVE-2020-3467

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the...

CVSS 7.7 · AI score 7.2 · EPSS 0.0087
Exploits 0 · References 1

Prion
added 2020/10/08 5:15 a.m. · 20 views

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the...

CVSS 5.5 · AI score 7.3 · EPSS 0.0087
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2020/10/08 4:20 a.m. · 12 views

CVE-2020-3467 Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the...

CVSS 7.7 · AI score 6.8 · EPSS 0.0087
Exploits 0 · References 1

Prion
added 2020/09/14 2:15 p.m. · 11 views

Hardcoded credentials

D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration...

CVSS 10 · AI score 9.6 · EPSS 0.03933
Exploits 3 · References 3 · Affected Software 2

OSV
added 2020/07/31 12:15 a.m. · 2 views

CVE-2020-3374

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

CVSS 9.9 · AI score 5.8 · EPSS 0.01917
Exploits 0 · References 1

IBM Security Bulletins
added 2020/07/16 1:46 a.m. · 22 views

Security Bulletin: OpenSSL vulnerabilities impacting IBM Aspera Streaming for Video 3.8.0 and earlier (CVE-2019-1552)

Summary: The OpenSSL vulnerability CVE-2019-1552 impacts IBM Aspera Streaming for Video 3.8.0 and earlier. The fix was first delivered in IBM Aspera Streaming 3.9.6.
Vulnerability Details:
CVEID: CVE-2019-1552
DESCRIPTION: OpenSSL could allow a local attacker to bypass security restrictions, caused...

CVSS 3.3 · AI score 1.7 · EPSS 0.00678
Exploits 0 · Affected Software 1

Debian CVE
added 2020/06/22 5:49 p.m. · 29 views

CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

CVSS 8 · AI score 7.5 · EPSS 0.00646
Exploits 0

Cvelist
added 2020/06/22 5:49 p.m. · 18 views

CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

CVSS 8 · AI score 7.7 · EPSS 0.00646
Exploits 0 · References 2

OSV
added 2020/06/02 7:15 p.m. · 2 views

CVE-2020-12017

GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute...

CVSS 9.8 · AI score 6 · EPSS 0.02331
Exploits 0 · References 1

CNVD
added 2020/05/21 12:0 a.m. · 2 views

Red Hat Ceph Authorization Issues Vulnerability

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX (Portable Operating System Interface) without a single point of failure, so that data can be fault-tolerant and seamless replication...

CVSS 8 · AI score 8.2 · EPSS 0.00646
Exploits 0 · References 1

RedhatCVE
added 2020/05/19 3:25 a.m. · 30 views

CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 and later, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

CVSS 5.2 · AI score 2.9 · EPSS 0.00646
Exploits 0 · References 4