31 matches found
UBUNTU-CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2020-16096
CVE-2020-16096 (Gallagher Command Centre) affects Gallagher Command Centre versions: 8.10 before 8.10.1134(MR4), 8.00 before 8.00.1161(MR5), 7.90 before 7.90.991(MR5), 7.80 before 7.80.960(MR2), and 7.70 and earlier. The issue allows any operator account to access data that would be replicated in...
CVE-2017-0932
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator read-only account and ssh connection to the devices could escalate privileg...
Privilege escalation
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
CVE-2017-0934
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admin...
Privilege escalation
Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admin...
CVE-2017-0935
Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator read-only account could escalate privileges to admi...
Ubiquiti Inc.: Privilege Escalation with Session Hijacking Having a Non-privileged Valid User
EdgeOS version 1.9.1.1 and prior, consequence of lack of protection if the file-system, exposing sensitive information, an attacker with access to an operator read-only account, can escalate privileges to admin root access in the system...
Ubiquiti Inc.: Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking
EdgeOS version 1.9.1 and prior, consequence of lack of protection if the file-system, exposing sensitive information, an attacker with access to an operator read-only account, can escalate privileges to admin root access in the system...
Default Password (profense) for 'operator' Account
The account 'operator' on the remote host has the password 'profense'. An attacker may leverage this to gain total control of the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "operator"; password = "profense"; include'deprecatednasllevel.inc'; include'compat.inc...
sircd buffer overflow
Buffer overflow on DNS resolution, default operator account of !@...