2876 matches found
CVE-2017-16241
Incorrect access control in AMAG Symmetry Door Edge Network Controllers EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00 enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending...
Potential for Information Disclosure in Application Skeleton
The default application skeleton contained a beforeRender method on the AppController that could potentially lead to unwanted information disclosure in your application. The unsafe default code was present between 3.1.0 and 3.5.0 of the...
CVE-2017-12352
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system...
Input validation
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system...
CVE-2017-12352
CVE-2017-12352 affects Cisco Application Policy Infrastructure Controller (APIC). A local privilege-escalation is possible through improper validation of input to boot-time system script files, allowing an authenticated attacker with valid admin credentials to execute arbitrary commands with root...
Input validation
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The...
Input validation
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The...
Input validation
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS)...
CVE-2017-12275
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The...
CVE-2017-12280
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS)...
CVE-2017-12278
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on...
CVE-2017-12282
CVE-2017-12282 affects Cisco Wireless LAN Controllers (WLC) and relates to ANQP ingress frame processing. The root cause is incomplete input validation of ANQP query frames, which can be exploited by an unauthenticated, Layer 2 RF-adjacent attacker to cause the affec...
CVE-2017-12282
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The...
CVE-2017-12278
CVE-2017-12278 affects Cisco Wireless LAN Controllers via a memory leak in the SNMP subsystem that can exhaust memory and cause a reboot/DoS when an attacker who has SNMP credentials polls specific MIBs. Exploitation requires authenticated access (SNMP v2 read or SNMP v3 credentials); memory depl...
CVE-2017-12275
Summary of evidence: CVE-2017-12275 is a vulnerability in Cisco Wireless LAN Controller (WLC) implementations of 802.11v BSS Transition Management. The issue arises from insufficient input validation of 802.11v BSS Transition Management Response packets received from wireless clients, allowing a...
CVE-2017-12280
Cisco WLCs are affected by CVE-2017-12280 due to incomplete input validation in CAPWAP Discovery Request parsing, allowing unauthenticated remote attackers to cause a restart and DoS. The issue impacts Cisco Wireless LAN Controllers; exploitation involves sending crafted CAPWAP Discovery Request ...