
1614 matches found

CVE
added 2019/09/25 8:15 p.m. · 47 views

CVE-2019-12671

CVE-2019-12671 is a Cisco IOS XE CLI consent-token bypass that allows an authenticated, local attacker to gain shell access and execute commands on the underlying OS by bypassing consent token enforcement. Affected software is Cisco IOS XE; root cause is insufficient enforcement of the consent toke...

7.8 CVSS · 7.2 AI score · 0.00022 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2019/09/25 8:15 p.m. · 11 views

CVE-2019-12671 Cisco IOS XE Software Consent Token Bypass Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

6.7 CVSS · 7.8 AI score · 0.00022 EPSS
Exploits: 0 · References: 1
Cisco
added 2019/09/25 4:0 p.m. · 84 views

Cisco IOS XE Software Consent Token Bypass Vulnerability

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell...

6.7 CVSS · 1.9 AI score · 0.00022 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2019/09/25 12:0 a.m. · 2 views

PT-2019-3338 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the...

7.8 CVSS · 6.7 AI score · 0.00022 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2019/08/12 12:0 a.m. · 27 views

F5 Networks BIG-IP : F5 tmsh vulnerability (K40378764)

Authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell access from within the TMOS Shell (tmsh) interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp. (CVE-2019-6642) Impact...

9 CVSS · 8 AI score · 0.00606 EPSS
Exploits: 0 · References: 2
OSV
added 2019/07/23 2:15 p.m. · 2 views

CVE-2019-1010150

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...

9.8 CVSS · 5.8 AI score · 0.0113 EPSS
Exploits: 1 · References: 1
OSV
added 2019/07/16 2:15 p.m. · 4 views

CVE-2019-1576

Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

8.8 CVSS · 7.3 AI score · 0.05216 EPSS
Exploits: 0 · References: 1
NVD
added 2019/07/16 2:15 p.m. · 13 views

CVE-2019-1576

Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

8.8 CVSS · 8.9 AI score · 0.05216 EPSS
Exploits: 0 · References: 1
CVE
added 2019/07/16 1:44 p.m. · 93 views

CVE-2019-1576

CVE-2019-1576: Command injection in PAN-OS affects PAN-OS 9.0.2 and earlier via the PAN-OS CLI. An authenticated attacker could exploit a failure in input handling to execute arbitrary commands and gain a remote shell with escalated permissions. The root cause is improper filtering during constru...

8.8 CVSS · 8.9 AI score · 0.05216 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Palo Alto Networks
added 2019/07/15 10:15 p.m. · 66 views

Command Injection in PAN-OS

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface (CLI). (Ref PAN-111872/CVE-2019-1576) Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...

4.2 AI score · 0.05216 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2019/07/02 12:0 a.m. · 33 views

F5 Networks BIG-IP : BIG-IP TMUI XSS vulnerability (K79902360)

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility. (CVE-2019-6625) Impact: To perform the attack, a user must visit a specially crafted URL that includes the specific...

6.1 CVSS · 6.2 AI score · 0.00294 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2019/07/02 12:0 a.m. · 22 views

F5 Networks BIG-IP : iControl REST vulnerability (K20445457)

Undisclosed iControl REST worker vulnerable to command injection for an Administrator user. (CVE-2019-6620) Impact (BIG-IP and BIG-IQ): This vulnerability may bypass Appliance mode security by allowing the execution of arbitrary bash commands. In non-Appliance mode deployments, the Administrator and...

7.2 CVSS · 7.1 AI score · 0.02522 EPSS
Exploits: 0 · References: 2
OSV
added 2019/07/01 9:15 p.m. · 20 views

CVE-2019-6642

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell...

8.8 CVSS · 7.3 AI score · 0.00606 EPSS
Exploits: 0 · References: 2
Prion
added 2019/07/01 9:15 p.m. · 20 views

Authentication flaw

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell...

9 CVSS · 8.8 AI score · 0.00606 EPSS
Exploits: 0 · References: 2 · Affected Software: 16
Cvelist
added 2019/07/01 8:21 p.m. · 17 views

CVE-2019-6642

In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, and 11.5.2-11.6.4, BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, authenticated users with the ability to upload files (via scp, for example) can escalate their privileges to allow root shell...

8.9 AI score · 0.00606 EPSS
Exploits: 0 · References: 2
CNVD
added 2019/06/18 12:0 a.m. · 3 views

Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability

ManageEngine ADSelfService Plus is a web-based self-service application that enables end-users to perform tasks such as password reset, account unlock, profile information update, etc. without relying on a help desk. An authentication bypass vulnerability exists in the password reset feature of...

7.2 CVSS · 7 AI score · 0.01164 EPSS
Exploits: 2 · References: 1
CVE
added 2019/06/17 4:19 p.m. · 72 views

CVE-2019-12789

CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...

7.2 CVSS · 6.7 AI score · 0.00049 EPSS
Exploits: 2 · References: 2 · Affected Software: 1
Packet Storm
added 2019/06/12 12:0 a.m. · 264 views

Telus Actiontec T2200H Local Privilege Escalation

Device Details Discovered By: Andrew Klaus Vendor: Actiontec Telus Branded Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanual.pdf Reported: Sept...

0.5 AI score · 0.00049 EPSS
Exploits: 2
OSV
added 2019/05/03 8:29 p.m. · 1 views

CVE-2019-6618

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and i...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 1
OSV
added 2019/05/03 8:29 p.m. · 0 views

CVE-2019-6615

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems...

4.9 CVSS · 5.8 AI score
Exploits: 0 · References: 2