Lucene search
K

79 matches found

CNNVD
CNNVD
added 2024/09/11 12:0 a.m.4 views

Cisco多款产品 安全漏洞

The Cisco RV340 and others are products of Cisco, Inc.The Cisco RV340 is a dual WAN Gigabit Vpn router.The Cisco Crosswork Network Services Orchestrator is a network automation and orchestration platform.The Cisco Optical Site Cisco Optical Site Manager is a network management software. A securit...

8.8CVSS6.6AI score0.00576EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.5 views

PT-2024-10394 · Cisco · Cisco Optical Site Manager +3

Name of the Vulnerable Software and Affected Versions: Cisco Crosswork Network Services Orchestrator NSO affected versions not specified Cisco ConfD affected versions not specified Cisco Optical Site Manager affected versions not specified Cisco RV340 Dual WAN Gigabit VPN Routers affected version...

9CVSS7AI score0.00576EPSS
Exploits0References17
BDU FSTEC
BDU FSTEC
added 2024/07/05 12:0 a.m.5 views

The vulnerability of the web interface of the Cisco Crosswork Network Services Orchestrator software allows a hacker to carry out phishing attacks.

The vulnerability of the Cisco Crosswork Network Services Orchestrator software’s web interface relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to carry out phishing attacks using a specially created malicious link...

5CVSS5.5AI score0.00312EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/24 12:0 a.m.49 views

Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)

According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack again...

8.4CVSS6.1AI score0.00351EPSS
Exploits0References10
OSV
OSV
added 2024/05/16 2:15 p.m.4 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS6AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 2:15 p.m.15 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.7AI score0.00177EPSS
Exploits0References2
OSV
OSV
added 2024/05/16 2:15 p.m.6 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS6AI score0.00342EPSS
Exploits0References2
NVD
NVD
added 2024/05/16 2:15 p.m.14 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.7AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/16 2:8 p.m.27 views

CVE-2024-20389

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.9AI score0.00177EPSS
Exploits0References2
CVE
CVE
added 2024/05/16 2:8 p.m.94 views

CVE-2024-20326

The CVE-2024-20326 entry applies to Cisco ConfD CLI and Cisco Crosswork NSO CLI. The vulnerability stems from improper authorization enforcement for specific CLI commands, allowing an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying OS. Exp...

7.8CVSS6.9AI score0.00342EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 2024/05/16 2:8 p.m.14 views

CVE-2024-20326

A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...

7.8CVSS7.9AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.3 views

Cisco Crosswork Network Services Orchestrator 安全漏洞

Cisco Crosswork Network Services Orchestrator is a network automation and orchestration platform from Cisco. A security vulnerability exists in the Cisco Crosswork Network Services Orchestrator CLI, ConfD CLI, which arises from improper execution of authorization when using certain CLI commands a...

7.8CVSS6.7AI score0.00342EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/16 12:0 a.m.3 views

Cisco Crosswork Network Services Orchestrator 安全漏洞

Cisco Crosswork Network Services Orchestrator is a network automation and orchestration platform from Cisco. A security vulnerability exists in the Cisco Crosswork Network Services Orchestrator CLI, ConfD CLI, which arises from improper execution of authorization when using certain CLI commands a...

7.8CVSS6.8AI score0.00177EPSS
Exploits0References3
OSV
OSV
added 2024/05/15 6:15 p.m.3 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2024/05/15 6:15 p.m.13 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

6.1CVSS4.8AI score0.00312EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/15 5:59 p.m.17 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

4.8CVSS6.3AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/15 5:59 p.m.20 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

4.8CVSS5.5AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 5:59 p.m.67 views

CVE-2024-20383

Cisco Secure Email and Web Manager (Cisco AsyncOS) web-based management interface is affected by a stored XSS vulnerability due to insufficient input validation. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interface...

8.4CVSS6.3AI score0.00351EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/15 5:25 p.m.13 views

CVE-2024-20366

A vulnerability in the Tail-f High Availability Cluster Communications HCC function pack of Cisco Crosswork Network Services Orchestrator NSO could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled searc...

7.8CVSS7.6AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/15 5:23 p.m.16 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

4.7CVSS5.1AI score0.00312EPSS
Exploits0References1
Rows per page
Query Builder