297 matches found

BDU FSTEC
added 2024/04/05 12:00 a.m. · 2 views

The vulnerability of the implementation of Secure Copy Protocol and FTP (SFTP) protocols in the Cisco IOS XR operating system allows a hacker to induce a service failure.

The vulnerability of the Secure Copy Protocol and FTP (SFTP) implementations in the Cisco IOS XR operating system is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 6.5 · AI score 6.5 · EPSS 0.00146
Exploits: 0 · References: 3 · Affected Software: 1
Cisco
added 2024/03/13 4:00 p.m. · 19 views

Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to...

CVSS 6.5 · AI score 6.5 · EPSS 0.00146
Exploits: 0 · References: 1
Positive Technologies
added 2024/03/13 12:00 a.m. · 3 views

PT-2024-2575 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified)
Description: A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system...

CVSS 6.5 · AI score 7.1 · EPSS 0.00146
Exploits: 0 · References: 5
CNNVD
added 2024/03/13 12:00 a.m. · 2 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a flaw in the Secure Copy Protocol (SCP) and SFTP functionality that could allow an authenticated, local attacker to create or overwrite files in the syste...

CVSS 6.5 · AI score 6.4 · EPSS 0.00146
Exploits: 0 · References: 3
BDU FSTEC
added 2024/03/04 12:00 a.m. · 4 views

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe, is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP...

CVSS 6.7 · AI score 7 · EPSS 0.00178
Exploits: 0 · References: 3 · Affected Software: 20
NVD
added 2024/02/14 5:15 p.m. · 16 views

CVE-2024-21782

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

CVSS 6.7 · AI score 7.2 · EPSS 0.00178
Exploits: 0 · References: 1
Prion
added 2024/02/14 5:15 p.m. · 21 views

Command injection

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

CVSS 4 · AI score 8 · EPSS 0.01386
Exploits: 0 · References: 1
Vulnrichment
added 2024/02/14 4:30 p.m. · 12 views

CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

CVSS 6.7 · AI score 7.1 · EPSS 0.00178
Exploits: 0 · References: 1
Cvelist
added 2024/02/14 4:30 p.m. · 18 views

CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873...

CVSS 6.7 · AI score 7.5 · EPSS 0.00178
Exploits: 0 · References: 1
CVE
added 2024/02/14 4:30 p.m. · 56 views

CVE-2024-21782

CVE-2024-21782 affects BIG-IP and BIG-IQ where Resource Administrators or Certificate Managers with scp access but no bash access can run arbitrary commands via a crafted command string. It stems from an incomplete fix for CVE-2020-5873. F5 documents that vulnerable BIG-IP/BIG-IQ versions include...

CVSS 6.7 · AI score 7.4 · EPSS 0.00178
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/02/14 12:00 a.m. · 2 views

F5 BIG-IP and F5 BIG-IQ Security Vulnerabilities

F5 BIG-IP and F5 BIG-IQ are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ is a software-based cloud management solution. The solution supports the...

CVSS 6.7 · AI score 7.4 · EPSS 0.00178
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/14 12:00 a.m. · 1 view

PT-2024-1930 · F5 · Big-Iq +3

Name of the Vulnerable Software and Affected Versions: BIG-IP versions prior to the fixed version; BIG-IQ versions prior to the fixed version
Description: The issue allows BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not ha...

CVSS 6.7 · AI score 7.8 · EPSS 0.00178
Exploits: 0 · References: 7
BDU FSTEC
added 2024/01/06 12:00 a.m. · 2 views

The vulnerability of the PAN-OS operating system’s web interface allows attackers to obtain credentials in plain text for stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP.

The vulnerability of the PAN-OS operating system’s web interface is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to obtain login credentials in plain text for stored external system integrations such as LDAP, SCP, RADIUS, TACACS+,...

CVSS 6.1 · AI score 6.5 · EPSS 0.00624
Exploits: 0 · References: 2 · Affected Software: 1
Citrix
added 2023/10/31 12:00 a.m. · 7 views

How to move a file from one Netscaler to another via CLI using SCP.

Understand how to utilize the SCP command to move a file from one ADC to another via CLI...

AI score 7.2
Exploits: 0
BDU FSTEC
added 2023/10/09 12:00 a.m. · 3 views

The vulnerability of the Authentication, Authorization, and Accounting (AAA) function, as well as the SCP function of Cisco IOS and Cisco IOS XE operating systems, allows attackers to circumvent security restrictions and obtain or modify the configuration of vulnerable devices.

The vulnerability of the Authentication, Authorization, and Accounting (AAA) function and the SCP function of Cisco IOS and Cisco IOS XE operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and obta...

CVSS 8 · AI score 7.7 · EPSS 0.00586
Exploits: 0 · References: 4
OSV
added 2023/09/27 6:15 p.m. · 3 views

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

CVSS 9.1 · AI score 5.8
Exploits: 0 · References: 1
Cisco
added 2023/09/27 4:00 p.m. · 67 views

Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

CVSS 8 · AI score 8.7 · EPSS 0.00586
Exploits: 0 · References: 1
CNNVD
added 2023/09/27 12:00 a.m. · 3 views

Cisco IOS Security Vulnerabilities

Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Cisco IOS software and Cisco IOS XE, which stems from a vulnerability in the authentication, authorization, and billing (AAA) functionality that could allow an authenticated, remote...

CVSS 9.1 · AI score 6.9 · EPSS 0.00586
Exploits: 0 · References: 3
The Hacker News
added 2023/07/03 4:46 a.m. · 19 views

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application. "Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Tre...

AI score 7.3
Exploits: 0
F5 Networks
added 2023/02/21 6:55 p.m. · 39 views

K54336216: SCP vulnerability CVE-2019-6679

Security Advisory Description: The system does not properly enforce the access controls for the scp.whitelist and scp.blacklist files when paths are symbolic links (symlinks). This allows authenticated users with Secure Copy (SCP) protocol access to overwrite certain configuration files that would...

CVSS 3.6 · AI score 4.6 · EPSS 0.00308
Exploits: 0