127 matches found

Prion
added 2021/10/19 7:15 p.m. | 15 views

Input validation

An Improper Input Validation vulnerability in J-Web of Juniper Networks Junos OS allows a locally authenticated J-Web attacker to escalate their privileges to root over the target device. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to...

CVSS 9 | AI score 8.6 | EPSS 0.0119
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2021/09/24 12:0 a.m. | 19 views

Cisco IOS XE Software Bypass Vulnerability

Cisco IOS XE Software is an operating system from the U.S. company Cisco. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software is vulnerable to an exploit that could be used ...

CVSS 4.3 | AI score 2.5 | EPSS 0.01156
Exploits 0 | Affected Software 1

Citrix
added 2021/09/20 12:0 a.m. | 7 views

Citrix Provisioning Services - vDisk Version Promotion Results In Failed Boot

After a vDisk version promotion Target Devices cannot successfully boot from the version. The Target might BSOD or hang at the UEFI splash screen. The vDisk version promotion prior to attempting to boot a device may appear to take a long time or cause a console error. The Provisioning servers fro...

AI score 7
Exploits 0

OSV
added 2021/08/23 8:15 p.m. | 1 views

CVE-2021-22449

There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device...

CVSS 7.5 | AI score 5.8 | EPSS 0.00607
Exploits 0 | References 1

Citrix
added 2021/08/21 12:0 a.m. | 5 views

Citrix Provisioning Services - Target Device(s) Hang After 96 Hours With No PVS License

After a license server upgrade to support PVS 1912 LTSR from 7.15 LTSR Target Devices may immediately report entering "grace period". After 96 hours of uptime the Target Device may appear to freeze. Target Device hangs or freezes are typically first found in the Studio console by a CVAD...

AI score 7
Exploits 0

Citrix
added 2021/08/02 12:0 a.m. | 7 views

Citrix Provisioning Services - Target Fails To BDM Boot When Running The Imaging Wizard

When using BDM to boot the Master Target Device to capture a new vDisk it fails to boot. With verbose mode enabled in the bootstrap you will see the Target download the bootstrap and then login to a PVS Server at which point it will sit at a black screen indefinitely...

AI score 7
Exploits 0

CNNVD
added 2021/07/14 12:0 a.m. | 4 views

Juniper Networks Junos OS Input Validation Error Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS has an input validation error vulnerability that could be exploited by an attacker to elevate his privileges to...

CVSS 8.8 | AI score 5.8 | EPSS 0.00924
Exploits 0 | References 5

NVD
added 2021/06/22 6:15 p.m. | 14 views

CVE-2021-22365

There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause...

CVSS 3.3 | EPSS 0.00149
Exploits 0 | References 1

NVD
added 2021/06/04 9:15 p.m. | 11 views

CVE-2021-31251

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to...

CVSS 9.8 | EPSS 0.35714
Exploits 5 | References 3

Cvelist
added 2021/06/04 8:25 p.m. | 21 views

CVE-2021-31251

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to...

AI score 9.7 | EPSS 0.35714
Exploits 5 | References 3

CNVD
added 2021/05/21 12:0 a.m. | 30 views

Huawei S5700 and S5800 Denial of Service Vulnerability

A denial-of-service vulnerability exists in the Huawei S5700 and Huawei S6700, both enterprise switches from Huawei of China. The vulnerability stems from a program that does not properly validate input. An attacker could use the vulnerability to cause a service exception on the target device by...

CVSS 7.8 | AI score 2.5 | EPSS 0.00689
Exploits 0 | References 1

Citrix
added 2021/05/05 12:0 a.m. | 10 views

Target device fails to boot from promoted vdisk : LoadImage error: not found

Create a new vdisk version, make changes to this version, and boot target device from the new version failed: LoadImage error: not found...

AI score 7
Exploits 0

OSV
added 2021/04/28 12:15 p.m. | 2 views

CVE-2021-22330

There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131C00E130R1P21 when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input paramete...

CVSS 6.5 | AI score 6.6 | EPSS 0.00272
Exploits 0 | References 1

Citrix
added 2021/03/19 12:0 a.m. | 8 views

Target device fails to boot with "vDisk is locked. 0xffff800c"

When trying to boot a target device, we observe-...

AI score 7
Exploits 0

Citrix
added 2021/02/17 12:0 a.m. | 15 views

Failed to uninstall/install PVS target device software via SCCM or command line.

When using SCCM or using a command line, PVS target device installation failed due to filesystem filter driver CFsDep2.inf is not installed error...

AI score 7.2
Exploits 0

OSV
added 2021/02/06 2:15 a.m. | 3 views

CVE-2020-9205

There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to...

CVSS 4.9 | AI score 5.8
Exploits 0 | References 1

Cvelist
added 2021/02/06 1:40 a.m. | 21 views

CVE-2020-9205

There is a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to...

AI score 5.2 | EPSS 0.00624
Exploits 0 | References 1

Citrix
added 2020/12/30 12:0 a.m. | 7 views

Citrix Provisioning Services Boot Degradation With Cylance Protect

1. Target Device TD boot times increase when Cylance Protect 2.1 is installed within the vDisk. The boot delay is after the OS has been delivered to the Target Device and is now resident in RAM. This is after our Target has transitioned from Single IO to Multi IO mode in a BIOS based TD...

AI score 7.1
Exploits 0

Prion
added 2020/12/24 4:15 p.m. | 15 views

Input validation

There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

CVSS 7.2 | AI score 7.6 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/12/24 3:41 p.m. | 21 views

CVE-2020-9200

There is a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this...

AI score 7.6 | EPSS 0.00309
Exploits 0 | References 1