205 matches found
CVE-2018-0193
Cisco IOS XE Software CLI Command Injection vulnerabilities (CVE-2018-0193) affect the CLI parser and allow an authenticated, local attacker to inject arbitrary commands into the CLI, enabling access to the underlying Linux shell and execution of commands with root privileges on the device. Root ...
CVE-2018-0182
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...
CVE-2018-0184
Cisco IOS XE Software CLI parser vulnerability (CVE-2018-0184) allows an authenticated, local attacker with Privilege EXEC (level 15) to bypass argument sanitization and gain access to the underlying Linux shell, executing commands with root privileges. Affected component: CLI parser; root shell ...
CVE-2018-0185
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...
CVE-2018-0176
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...
CVE-2018-0182
Cisco IOS XE Software CLI Command Injection vulnerabilities (CVE-2018-0182) arise from insufficient sanitization of CLI arguments before passing them to the Linux shell. An authenticated, local attacker can exploit this via the CLI to gain access to the underlying Linux shell with root privileges...
CVE-2018-0185
CVE-2018-0185 relates to multiple vulnerabilities in the Cisco IOS XE Software CLI parser . The issues arise because the affected CLI parser does not sufficiently sanitize command arguments before passing them to the Linux shell, allowing an authenticated, local attacker to submit a malicious CLI...
CVE-2018-0183
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...
CVE-2018-0176
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...
CVE-2018-0176
Summary: CVE-2018-0176 describes multiple vulnerabilities in the CLI parser of Cisco IOS XE Software that can allow an authenticated, local attacker with user EXEC privileges to gain access to the device’s underlying Linux shell and execute arbitrary commands with root privileges. The root cause ...
CVE-2018-0183
Cisco IOS XE Software for Cisco 4000 Series routers contains a local privilege-escalation (CVE-2018-0183) in the CLI parser. An authenticated attacker with privileged EXEC (level 15) can exploit crafted CLI arguments to gain access to the device’s underlying Linux shell and execute commands as ro...
Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...
Cisco IOS XE Software CLI Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute comman...
Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...
JanTek JTC-200 RS232-NET Connector CSRF / Missing Authentication
Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication Advisory URL: https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02 CVE-ID...
Authentication flaw
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication...
CVE-2016-5791
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication...
Bashware lets malware evade detection by exploiting Windows 10′ Linux Shell
By Waqas Bashware Technique Can Exploit Windows Subsystem for Linux WSL to This is a post from HackRead.com Read the original post: Bashware lets malware evade detection by exploiting Windows 10 Linux Shell...
Cisco ASR StarOS CLI Command Injection Local Privilege Escalation (cisco-sa-20170705-asrcmd)
According to its self-reported version and model number, the remote Cisco ASR device is affected by a privilege escalation vulnerability in StarOS in the Command Line Interface CLI due to improper sanitization of commands passed to the Linux shell. A local attacker can exploit this, via specially...
Command injection
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...