F5 Networks BIG-IP : F5 secure shell vulnerability (K03585731)
A user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request. (CVE-2020-5873) Impact: An authenticated user with Resource Administrator role can...
Ntop nDPI Input Validation Error Vulnerability
Ntop nDPI is an open source library for deep packet inspection from Ntop Italy. An input validation error vulnerability exists in the SSH protocol parser in Ntop nDPI 3.2 Stable and prior versions, which can be exploited by attackers to execute code or perform network traffic analysis...
DEBIAN-CVE-2020-11939
In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI...
Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25367)
Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in Evenroute IQrouter 3.3.1 and earlier versions, which stems from an empty password for the root account. The vulnerability can be exploited by an attacker to gain full remote access with the help of the...
CVE-2020-11965
In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...
VulnCheck KEV: CVE-2019-19754
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
CVE-2020-10262
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, ...
The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik allows a hacker to cause a service failure.
The vulnerability of the SSH daemon on the RouterOS operating system of MikroTik routers is related to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures by using system calls like connect and write...
CVE-2020-10888
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during...
MikroTik routers resource management error vulnerability
MikroTik routers is a router product from the Latvian company MikroTik. A security vulnerability exists in the SSH daemon in MikroTik routers v6.44.3 and earlier versions. A remote attacker could exploit the vulnerability to cause new authorized connections to fail...
PT-2020-6923 · Mikrotik · Mikrotik Routeros
Name of the Vulnerable Software and Affected Versions: MikroTik Router versions 6.46.3 and earlier Description: The issue allows an attacker to cause a denial of service via misconfiguration in the SSH daemon, potentially leading to uncontrolled resource consumption. This can be exploited by a...
The vulnerability in the implementation of the Secure Shell protocol for the Windows operating system allows a perpetrator to increase their privileges.
The vulnerability of the SSH protocol implementation in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...
Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)
According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...
Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass (cisco-sa-20191120-iosxr-ssh-bypass)
According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the access-control logic of NETCONF over Secure Shell (SSH) due to a missing check in the NETCONF over SSH access control list (ACL). An unauthenticated, remote attacker can exploit this, by...
DEBIAN-CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...
Microsoft Windows and Windows Server Privilege Mobilization Vulnerability (CNVD-2020-10153)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A privilege extraction vulnerability exists in Microsoft Windows and Windows Server, which...
CVE-2020-0757
An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...
Windows SSH Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to...
SaltStack Salt Command Injection Vulnerability
SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and more. A command injection vulnerability exists in the salt-api NEST API ssh client enabled in SaltStack Salt 2019.2.0 and earlier. The...
The vulnerability of the WiFiRanger router’s microprogramming software, related to key management errors, allows a hacker to obtain access to the SSH key and gain root account access to the system.
The vulnerability of the WiFiRanger router’s microprogramming software is related to key management errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain access to the SSH key and gain control of the system with the root account...