222 matches found
U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targete...
CVE-2023-26602
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution...
SUSE CVE-2007-5846
The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service CPU and memory consumption via a GETBULK request with a large max-repeaters value...
SUSE CVE-2008-0960
SNMPv3 HMAC verification in 1 Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; 2 UCD-SNMP; 3 eCos; 4 Juniper Session and Resource Control SRC C-series 1.0.0 through 2.0.0; 5 NetApp aka Network Appliance Data ONTAP 7.3RC1 and 7.3RC2; 6 SNMP Research before 16.2; 7...
SUSE CVE-2008-4309
Integer overflow in the netsnmpcreatesubtreecache function in agent/snmpagent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service crash via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow,...
SUSE CVE-2020-15861
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link symlink following...
SUSE CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
CVE-2023-22401
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon aftmand of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. On the PTX10008 and PTX10016 platforms running Junos ...
CVE-2022-45315
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet...
CVE-2022-20918
A vulnerability in the Simple Network Management Protocol SNMP access controls for Cisco FirePOWER Software for Adaptive Security Appliance ASA FirePOWER module, Cisco Firepower Management Center FMC Software, and Cisco Next-Generation Intrusion Prevention System NGIPS Software could allow an...
PT-2022-6089 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the Simple Network Management Protocol SNMP feature cou...
CVE-2022-42711
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...
CVE-2022-36307
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...
CVE-2022-36310
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models...
PT-2022-23303 · Airspan · Airspan Airvelocity 1500
Name of the Vulnerable Software and Affected Versions: Airspan AirVelocity 1500 versions prior to 15.18.00.2511 Description: The web management UI of the affected software displays SNMP credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem. This allows anyone with web...
CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
UBUNTU-CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
Advantech iView SQL注入漏洞
Advantech Iview, a software based on Simple Network Protocol SNMP for managing B B SmartWorx devices from Advantech, China, is vulnerable to a SQL injection vulnerability in Advantech iView, which stems from a special element used in SQL commands that is not neutralized. An unauthorized attacker...
CVE-2022-22276
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user...
CVE-2022-20684
A vulnerability in Simple Network Management Protocol SNMP trap generation for wireless clients of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause an affected device to unexpectedly reload, resulting in a denial of...