
4960 matches found

Prion
added 2020/07/31 12:15 a.m. | 18 views

Authentication flaw

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02296
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/07/31 12:15 a.m. | 21 views

Authorization

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS: 9 | AI score: 8.5 | EPSS: 0.02042
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2020/07/31 12:00 a.m. | 10 views

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.02296
Exploits: 0 | References: 1

Cvelist
added 2020/07/31 12:00 a.m. | 24 views

CVE-2020-3382 Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS: 9.8 | AI score: 10 | EPSS: 0.02296
Exploits: 0 | References: 1

CVE
added 2020/07/31 12:00 a.m. | 81 views

CVE-2020-3382

Cisco DCNM (Data Center Network Manager) suffers an authentication-bypass via the REST API caused by shared static encryption keys across installations. An unauthenticated, remote attacker could craft a valid session token and perform arbitrary actions with administrative privileges on affected d...

CVSS: 10 | AI score: 9.9 | EPSS: 0.02296
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/31 12:00 a.m. | 19 views

CVE-2020-3384 Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.0079
Exploits: 0 | References: 1

Vulnrichment
added 2020/07/31 12:00 a.m. | 9 views

CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS: 8.8 | AI score: 7 | EPSS: 0.02042
Exploits: 0 | References: 1

Cvelist
added 2020/07/31 12:00 a.m. | 20 views

CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.02042
Exploits: 0 | References: 1

CVE
added 2020/07/31 12:00 a.m. | 88 views

CVE-2020-3386

CVE-2020-3386 concerns Cisco Data Center Network Manager (DCNM) REST API: an authenticated, low-privileged user can bypass API authorization due to insufficient access controls and perform arbitrary actions with administrative privileges. Affected are DCNM deployments exposing the REST API; multi...

CVSS: 9 | AI score: 8.6 | EPSS: 0.02042
Exploits: 0 | References: 1 | Affected Software: 1

ThreatPost
added 2020/07/30 2:36 p.m. | 12110 views

Critical, High-Severity Cisco Flaws Fixed in Data Center Network Manager

Cisco is warning of several critical and high-severity flaws in its Data Center Network Manager (DCNM) for managing network platforms and switches. DCNM is a platform for managing Cisco data centers that run Cisco’s NX-OS — the network operating system used by Cisco’s Nexus-series Ethernet switches...

CVSS: 10 | AI score: 1.5 | EPSS: 0.92835
Exploits: 18 | References: 13

Cisco
added 2020/07/29 4:00 p.m. | 42 views

Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability exists because different installations share a...

CVSS: 9.8 | AI score: 2.2 | EPSS: 0.02296
Exploits: 0 | References: 1

Cisco
added 2020/07/29 4:00 p.m. | 30 views

Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

CVSS: 8.2 | AI score: 2.1 | EPSS: 0.0079
Exploits: 0 | References: 1

Cisco
added 2020/07/29 4:00 p.m. | 29 views

Cisco Data Center Network Manager Improper Authorization Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions...

CVSS: 8.8 | AI score: 1.4 | EPSS: 0.02042
Exploits: 0 | References: 1

NVD
added 2020/07/29 2:15 p.m. | 15 views

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01015
Exploits: 0 | References: 1

NVD
added 2020/07/29 2:15 p.m. | 14 views

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01261
Exploits: 0 | References: 1

Prion
added 2020/07/29 2:15 p.m. | 13 views

Default configuration

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01015
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/07/29 2:15 p.m. | 13 views

Authentication flaw

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write fil...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.01261
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/07/29 1:18 p.m. | 51 views

CVE-2020-2077

CVE-2020-2077 concerns SICK Package Analytics. The vulnerability arises from incorrect default permissions in SICK Package Analytics software, affecting versions up to and including V04.0.0, allowing an unauthorized remote attacker to read sensitive data via REST API queries. Some sources indicat...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.01015
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/07/29 1:18 p.m. | 18 views

CVE-2020-2077

SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly...

AI score: 7.4 | EPSS: 0.01015
Exploits: 0 | References: 1

CVE
added 2020/07/29 1:18 p.m. | 46 views

CVE-2020-2076

CVE-2020-2076 affects SICK Package Analytics software up to and including version V04.0.0. The issue is an authentication bypass caused by direct REST API access, enabling an attacker to issue unauthorized requests and potentially write files without authentication. Public sources in the connecte...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01261
Exploits: 0 | References: 1 | Affected Software: 1