17 matches found
EUVD-2024-26934
Malicious code in bioql PyPI...
CVE-2024-29960
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Summary Get a valid API token, make sure you can access api functions, then replace string on my PoC code, Test on offical OVA image, it's a old version 23.9.1, but this vulerable is also exists on latest version 24.2.0 Details in file apifunctions.php, line 307 for function listdevices php $orde...
CVE-2024-29960
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CVE-2024-29960 Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CVE-2024-29960 Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CVE-2024-29960
CVE-2024-29960 involves Brocade SANnav: in SANnav VMs based on the official OVA images, SSH keys are identical in every installation for versions before 2.3.1 and 2.3.0a, enabling MITM on SSH. This allows an attacker to decrypt and compromise SSH traffic to the SANnav appliance. The issue is tied...
Broadcom Brocade SANnav 信任管理问题漏洞
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Brocade SANnav versions v2.3.1 and v2.3.0a, which stems from the fact that the SSH key within the OVA image is hardcoded and is the same in the VM every time SANnav is...
Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav...
CommScope Ruckus IoT Controller 信任管理问题漏洞
The Commscope CommScope Ruckus IoT Controller is an IoT controller from Commscope, Inc. A virtual controller that integrates with the SmartZone controller to perform connectivity, device and security management functions for non-Wi-Fi devices. A trust management issue vulnerability exists in the...
The vulnerability of NX-OS and Cisco IOS XE operating systems arises from errors during the verification of the electronic signature when installing an Open Virtual Appliance (OVA) image. This vulnerability allows a perpetrator to install malware onto a vulnerable device.
The vulnerability of NX-OS and Cisco IOS XE operating systems is related to errors during the verification of the electronic signature when installing an Open Virtual Appliance OVA image. Exploiting this vulnerability allows a perpetrator to install malware onto a vulnerable device...
CVE-2019-12662
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
CVE-2019-12662
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
Design/Logic Flaw
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
CVE-2019-12662 Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass Vulnerability
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...