38 matches found
Astra Linux - уязвимость в net-snmp
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
CVE-2026-20180 Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...
Cisco Identity Services Engine 安全漏洞
Cisco Identity Services Engine is an identity services engine developed by Cisco, a US-based company. This platform collects real-time information from networks, users, and devices, and develops and implements policies to manage the network. There is a security vulnerability in Cisco Identity...
VulnCheck KEV: CVE-2026-20122
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...
CVE-2026-20122
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...
CVE-2026-20122
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...
CVE-2026-20122 Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...
CVE-2026-20122 Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...
PT-2026-21952
Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description An issue in the API of Cisco Catalyst SD-WAN Manager, specifically within the Data Collection Agent DCA service, results from improper file handling and the incorrect us...
CVE-2025-20346
A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control RBAC. An attacker...
PT-2025-46864
Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center affected versions not specified Description A flaw exists in Cisco Catalyst Center that could allow a remote attacker with valid read-only user credentials to perform actions typically reserved for Administrator privilege...
CVE-2025-20332
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this...
CVE-2025-20213
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. To exploit this vulnerability, the attacker must have valid read-only credentials...
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite (cisco-sa-sdwan-fileoverwrite-Uc9tXWH)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of...
CVE-2025-20125
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
CVE-2025-20124
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...
CVE-2025-20125
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
CVE-2025-20125 Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation o...
CVE-2025-20125
Cisco ISE (Identity Services Engine) vulnerability CVE-2025-20125 affects the API layer and is tied to multiple issues including insecure Java deserialization and inadequate authorization. An attacker with valid read-only credentials can remotely access the device to obtain sensitive information,...