327 matches found
EUVD-2017-15688
Malware in sbrugna...
Cisco WAP371 Wireless Access Point Command Injection (cisco-sa-sb-wap-inject-bHStWgXO)
According to its self-reported version, Cisco WAP371 Wireless Access Point Command Injection is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid188066;...
Cisco Identity Services Engine RCE (cisco-sa-struts-C2kCMkmT)
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessu...
Cisco Identity Services Engine 3.1.x < 3.1P6, 3.2.x < 3.2P2 Arbitrary File Delete and File Read (cisco-sa-ise-file-delete-read-PK5ghDDd)
According to its self-reported version, Cisco Identity Services is affected by a vulnerability in the web-based management interface. These allow an authenticated, remote attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker...
Cisco Wireless LAN Controller AireOS Software FIPS Mode DoS (cisco-sa-wlc-dos-mKGRrsCB)
According to its self-reported version, Cisco Wireless LAN Controller WLC is affected by a denial of service Dos vulnerability. An unauthenticated, network-adjacent attacker can send specially crafted packets to an affected device causing it to crash. Please see the included Cisco BIDs and Cisco...
Cisco Unity Connection Improper Access Control (cisco-sa-ucm-access-dMKvV2DY)
The version of Cisco Unity Connection installed on the remote host is 14.x prior to 14SU2. It is, therefore, affected by an improper access control vulnerability. An authenticated attacker with read-only privileges can exploit this vulnerability to perform a set of administrative actions they...
Cisco Firepower Threat Defense Software Resource Exhaustion DoS (cisco-sa-asa-ftd-dos-Unk689XY)
According to its self-reported version, Cisco FTD Software is affected by a denial of service DoS vulnerability in memory management due to improper resource management when connection rates are high. An unauthenticated, remote attacker can exploit this, by opening a significant number of...
Cisco Firepower Management Center Software Authenticated Directory Traversal (cisco-sa-fmc-dir-traversal-95UyW5tk)
The version of Cisco Firepower Management Center installed on the remote host is affected by a directory traversal vulnerability as referenced in the cisco-sa-fmc-dir-traversal-95UyW5tk advisory. An authenticated, remote attacker can exploit this, by sending a crafted HTTPS request that contains...
Cisco Adaptive Security Appliance Software Identity-Based Rule Bypass (cisco-sa-asaftd-rule-bypass-ejjOgQEY)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco SD-WAN vManage Software Privilege Escalation (cisco-sa-sdwan-privesc-vman-kth3c82B)
According to its self-reported version, Cisco SD-WAN vManage Software is affected by a vulnerability due to incorrect privilege assignment. An authenticated, local attacker can exploit this to elevate their privileges from Administrator to root by creating a malicious file. Note that Nessus has n...
Cisco SD-WAN vManage SQLi (cisco-sa-sdw-sqlinj-HDJUeEAX)
According to its self-reported version, Cisco SD-WAN vManage Software is affected by a vulnerability in the web-based management interface due to improper validation of SQL queries. An authenticated, remote attacker can exploit this to execute SQL. Note that Nessus has not tested for this issue b...
Cisco SD-WAN vDaemon Buffer Overflow (cisco-sa-sdwan-vdaemon-bo-RuzzEA2)
According to its self-reported version, Cisco SD-WAN vManage Software is affected by a buffer overflow vulnerability due to incomplete bounds checks for vDaemon service data. An authenticated, local attacker can exploit this, by sending malicious data, in order to cause a denial of service DoS...
Cisco Adaptive Security Appliance Software Web Services Buffer Overflow DoS (cisco-sa-memc-dos-fncTyYKG)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability due to insufficient boundary checks. An authenticated, remote attacker can exploit this, by sending a crafted HTTP request to the web services interface, in order to cause a denial of service DoS condition...
Cisco Unity Connection RCE (cisco-sa-cucm-rce-pqVYwyb)
The version of Cisco Unity Connection installed on the remote host is affected by a remote code execution vulnerability due to improper sanitization of user-supplied input. An authenticated, remote attacker can exploit this, by sending a SOAP API request with crafted parameters, in order to execu...
Cisco SD-WAN vManage Command Injection (cisco-sa-vman-cmdinj-nRHKgfHX)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco SD-WAN vManage Authorization Bypass (cisco-sa-vman-auth-bypass-Z3Zze5XC)
According to its self-reported version, Cisco SD-WAN vManage Software is affected by an unspecified vulnerability in the web-based management interface. An unauthenticated, remote attacker can exploit this by sending carefully crafted HTTP requests to the affected system. A successful exploit cou...
Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution (cisco-sa-ios-xe-iot-codexec-k46EFF6q)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco IOS XE Software SD WAN Command Injection (cisco-sa-xesdwcinj-t68PPW7m)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
Cisco SD-WAN vEdge Routers DoS (cisco-sa-fpdos-hORBfd9f)
According to its self-reported version, Cisco SD-WAN vEdge routers are affected by a denial of service DoS vulnerability in the deep packet inspection DPI engine due to improper processing of FTP traffic. An unauthentiated, remote attacker can exploit this to cause a DoS condition. Please see the...
Cisco SD-WAN Solution Command Injection (cisco-sa-sdwclici-cvrQpH9v)
According to its self-reported version, Cisco SD-WAN Solution is affected by a command injection vulnerability due to insufficient input validation. An authenticated, local attacker can exploit this, by authenticating to the device and submitting crafted input to the CLI utility, in order to inje...