CVE-2019-9697

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

Information disclosure

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

libgovirt, spice, virt security update

CentOS Errata and Security Advisory CESA-2019:2229 An update for spice-gtk, libgovirt, spice-vdagent, and virt-viewer is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...

CVE-2019-9697

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

CVE-2019-9697

CVE-2019-9697 affects the Symantec/Norton Management Center REST API (MC) versions 2.0, 2.1, and 2.2 prior to 2.2.2.1. A malicious authenticated user can leverage the MC REST API to obtain passwords for external backup and CPL policy import servers, exposing sensitive credentials that they would ...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability – (CVE-2019-12643)

Cisco published an update for Cisco IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of Cisco REST API virtual service container. The security issue is tracked as CVE-2019-12643 and has...

Critical Cisco VM Bug Allows Remote Takeover of Routers

A critical remote authentication-bypass vulnerability – with the highest possible severity level of 10 out of 10 on the CvSS scale – has been found in the Cisco REST API virtual service container for Cisco IOS XE Software. The bug CVE-2019-12643 affects the following hardware if running the REST...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is...

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Authentication flaw

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643 Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

CVE-2019-12643

The CVE-2019-12643 issue affects the Cisco REST API virtual service container used with Cisco IOS XE Software. Root cause: an improper check in the REST API authentication service allows bypassing authentication, enabling an unauthenticated, remote attacker to obtain the token-id of an authentica...

Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability

A vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on the managed Cisco IOS XE device. The vulnerability is due to an improper check performed by the area of code that manages the REST...

Authentication bypass vulnerability in Cisco’s IOS XE REST API

This is an authentication bypass vulnerability in Cisco’s IOS XE series OS. While it can target a large swath of Cisco’s switches and routers, it requires the Cisco REST API Container for IOS to be turned on, as it is not on by default. Recent assessments: bwatters-r7 at September 12, 2019 6:06pm...

Information Disclosure Vulnerability in MC

SUMMARY The Symantec Management Center REST API is susceptible to an information disclosure vulnerability. A malicious authenticated user can obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access. AFFECTED PRODUCTS Management Cent...

Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability

According to its self-reported version number, the Cisco TelePresence VCS or Expressway Series on the remote host contains a vulnerability in the web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS software could allow an authenticated, remote attacker t...

Scientific Linux Security Update : spice-gtk on SL7.x x86_64 (20190806)

The libgovirt packages contain a library that allows applications to use the oVirt Representational State Transfer REST API to list virtual machines VMs managed by an oVirt instance. The library is also used to get the connection parameters needed to establish a connection to the VMs using Simple...