188 matches found
CVE-2019-15998
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...
Design/Logic Flaw
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...
CVE-2019-15998 Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...
CVE-2019-15998
Cisco IOS XR Software NETCONF over SSH ACL bypass (CVE-2019-15998) arises from a missing check in the NETCONF over SSH ACL. Affected versions include Cisco IOS XR 6.5.1 and 6.5.2. The vulnerability could allow an attacker with valid credentials to connect to the NETCONF port despite an ACL that d...
Cisco IOS XR Access Control Error Vulnerability
Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. An access control error vulnerability exists in the access control logic for NETCONF over Secure Shell (SSH) in Cisco IOS XR versions 6.5.1 and 6.5.2, which stems from a lack of...
Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the...
Design/Logic Flaw
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF...
CVE-2018-19648
An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETCONF Access Management (NACM) allows unprivileged users to create privileged users and execute arbitrary commands via the use of the diagnostic-profile over RESTCONF...
CVE-2018-19648
The CVE-2018-19648 entry concerns ADTRAN PMAA versions 1.6.2-1, 1.6.3, and 1.6.4. The root cause is a flaw in NETCONF Access Management (NACM) that lets unprivileged users create privileged accounts and run arbitrary commands through the diagnostic-profile over RESTCONF. Impact, per the sources, ...
CVE-2018-1000614
ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in an adversary remotely launching advanced XXE attacks on ONOS controller...
XXE
ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in an adversary remotely launching advanced XXE attacks on ONOS controller...
CVE-2018-1000614
CVE-2018-1000614 affects ONOS Controller version 1.13.1 and earlier. The XML External Entity (XXE) vulnerability is in providers/netconf/alarm/NetconfAlarmTranslator.java, allowing a remote, unauthenticated attacker to launch XXE attacks via crafted protocol messages. CVSSv3 base score 9.8 (CRITI...
CVE-2018-0286
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...
Design/Logic Flaw
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could...