Cisco IOS XE Software User EXEC Mode Root Shell Access Multiple Vulnerabilities (cisco-sa-20180328-privesc1)

According to its self-reported version, Cisco IOS XE Software is affected by multiple vulnerabilities in the CLI parser due to improper sanitization of command arguments to prevent access to internal data structures on a device. An authenticated, local attacker with user EXEC mode access to an...

Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability

The Medtronic Valleylab FT10 and Valleylab FX8 are both power supply devices for the medical industry from Medtronic. An input validation error vulnerability exists in the Valleylab FT10 and Valleylab FX8, which can be exploited by an attacker to gain local shell access...

GitLab: Path traversal, to RCE

Summary This one is similar to 732330 but much simpler. A path traversal issue in GitLab package registry API allow an attacker to write any file at any location writable to user git in a GitLab server. Steps to reproduce 1. Enable package registry in your GitLab instance. 2. Create a project...

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

CVE-2019-13539

CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...

CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

Cisco TelePresence CE Software, TC Software and RoomOS Software Elevation of Privilege Vulnerabilities

Cisco RoomOS Software is a suite of automated management software for Cisco devices from Cisco.Cisco TelePresence is a telepresence solution.Cisco TelePresence CE Software is an endpoint in a videoconferencing solution known as a telepresence system. Cisco TelePresence CE Software is an endpoint ...

Junos OS: Insecure PKI key pair export file permissions (JSA10974)

According to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability: PKI keys exported using the command 'run request security pki key-pair export' on Junos OS may have insecure file permissions. This allows another user on the Junos OS device with shell...

ZhiCms V1.0.4 suffers from a command execution vulnerability

ZhiCms is an enterprise building system based on PHP and mysql technology. ZhiCms V1.0.4 suffers from a command execution vulnerability, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to write a Trojan horse and execute it to...

Code Execution Vulnerability in ZhiCms V1.0.4

ZhiCms is an enterprise building system based on PHP and mysql technology. A code execution vulnerability exists in ZhiCms v1.0.4, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to write a Trojan horse and execute it to obtain...

ZhiCms V1.0.4 suffers from a command execution vulnerability (CNVD-2019-43081)

ZhiCms is an enterprise building system based on PHP and mysql technology. A code execution vulnerability exists in ZhiCms v1.0.4, which is due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to write a Trojan horse and execute it to obtain...

CVE-2019-9531

The CVE-2019-9531 entry affects the Cobham EXPLORER 710 portable satcom terminal running firmware version 1.07. Connected sources confirm that the web application portal allows unauthenticated access to port 5454, enabling an unauthenticated remote attacker to connect via Telnet and execute 86 At...

CVE-2019-0061 Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation

The management daemon MGD is responsible for all configuration and management operations in Junos OS. The Junos CLI communicates with MGD over an internal unix-domain socket and is granted special permission to open this protected mode socket. Due to a misconfiguration of the internal socket, a...

Cisco IOS XE Software Consent Token Bypass Vulnerability (cisco-sa-20190925-iosxe-ctbypass)

According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability it the CLI. The source of the vulnerability is insufficient enforcement of the consent token in authorizing shell access. By authenticating to the CLI and requesting shell access, an attacker could use th...

Cisco IOS XE Consent Token Bypass Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A consent token bypass vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from insufficient enforcement of consent tokens in authorized Shell access. An attacker could exploit this...

CVE-2019-12671

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

CVE-2019-12671

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

Design/Logic Flaw

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

CVE-2019-12671 Cisco IOS XE Software Consent Token Bypass Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system OS. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...