146 matches found
PT-2022-4744 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.2.0 through 6.2.11 FortiOS versions 6.4.0 through 6.4.8 FortiOS versions 7.0.0 through 7.0.5 Description: The issue is related to improper access control, allowing an authenticated attacker with a restricted user profile to...
CVE-2022-26117
An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...
CVE-2022-26117
FortiNAC contains an empty password vulnerability in its configuration file that could allow an authenticated attacker to access the MySQL databases via the CLI. Affected FortiNAC versions include 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, ...
Unable to access ADC GUI while CLI is accessible.
ADC GUI is inaccessible. Ping and CLI is working. /Var folder was normal. Internal services are UP. GUI is enabled for NSIPif not use command : set ns ip -gui enabled...
Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59171)
Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a faulty remotetextfile in rconfig, to detect threats and prevent data loss, detect malicious behavior, identify traffic...
Fidelis Network Deception has an unspecified vulnerability (CNVD-2022-59167)
Fidelis Network Deception is a security product from Fidelis USA, Inc. It is used to detect threats and prevent data loss, with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats.A security vulnerability exists in version...
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
Design/Logic Flaw
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
Fidelis Network Deception 命令注入漏洞
Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a faulty remotetextfile in rconfig, to detect threats and prevent data loss, detect malicious behavior, identify traffic...
CVE-2022-24388
Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...
Cisco Ultra Cloud Core 安全漏洞
Cisco Ultra Cloud Core is a Kubernetes-based solution from Cisco. It provides a common execution environment for Cisco's container-based 5G applications. A security vulnerability exists in Cisco Ultra Cloud Core that allows an authenticated, local attacker to exploit the vulnerability to escalate...
CVE-2021-31358
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
Command injection
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...
CVE-2021-31357
CVE-2021-31357 describes a command-injection vulnerability in Juniper Networks Junos OS Evolved specifically in the tcpdump command processing. The issue allows an attacker with authenticated CLI access to bypass CLI command restrictions and execute arbitrary shell commands within the current use...
CVE-2021-31356 Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts
A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...
PT-2021-19256 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.4R3-S1-EVO Juniper Networks Junos OS Evolved versions 21.1-EVO and 21.2-EVO Description: A command injection issue in command processing allows an attacker with authenticated CLI access t...
Cisco Firepower Management Center Information Disclosure (cisco-sa-fmc-infodisc-RJdktM6f)
The version of Cisco Firepower Management Center installed on the remote host is prior to 6.7.0. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-fmc-infodisc-RJdktM6f advisory. Specifically, a vulnerability in the storage of proxy server credentials of Cisco Firepower...
Design/Logic Flaw
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...
Improper access control
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0TY.T6...
CVE-2021-1375 Cisco IOS XE Software Fast Reload Vulnerabilities
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...