58 matches found
CVE-2021-41316
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...
CVE-2021-41315
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...
CVE-2021-41316
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...
CVE-2021-41315
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...
Design/Logic Flaw
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...
Design/Logic Flaw
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...
CVE-2021-41315
Device42 Remote Collector prior to version 17.05.01 is vulnerable to a command-injection in the SNMP Connectivity utility due to unsanitized user input. An authenticated attacker with access to the console application can execute arbitrary OS commands and escalate privileges. Remediation per conn...
CVE-2021-41315
The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...
CVE-2021-41316
The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...
CVE-2021-41316
The CVE-2021-41316 entry applies to Device42 Main Appliance prior to version 17.05.01, where the Nmap Discovery utility does not sanitize user input. An attacker with permissions to add or edit jobs for this utility can inject an extra argument to overwrite arbitrary files as root on the Remote C...
Device42 Remote Collector OS Command Injection Vulnerability
Device42 Remote Collector is a virtual appliance from Device42, Inc. that facilitates SNMP, IPMI, hypervisor, and other auto-discovery across a network, requiring only https access and no need to open a large number of ports across network segments. A security vulnerability exists in Device42...
Device42 Argument Injection Vulnerability
Device42, from the US-based company Device42, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. Device42 has a security vulnerability that originates from a failure of a networked system or product to properly filter special elements in a...
Device42 DCIM Appliance Manager 'ping' Command Injection Vulnerability
Device42 DCIM Appliance Manager is prone to a command-injection vulnerability...
Device42 DCIM Appliance Manager Default Credentials (HTTP)
The remote Device42 DCIM Appliance Manager web interface is using known default credentials...
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' = MSFLICENSE, 'Privileged' = true, 'Platform' = 'unix', 'Arch' =...
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' = MSFLICENSE, 'Privileged' = true, 'Platform' = 'unix', 'Arch' =...
Device42 Ping Command Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution', 'Description' = %q , 'License' = MSFLICENSE, 'Privileged' = true, 'Platform' = 'unix', 'Arch' =...
Device42 Embedded Credentials
Remote Authenticated Root in Device42 DCIM Appliance Manager v5.10 and v6.0. http://www.device42.com/download/ Device42 ships virtual appliances ready for production use as a trial essentially dictated by the license provided. The Appliance Manager listens on HTTP (no SSL) on port 4242 with default...