Lucene search
K

146 matches found

Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.4 views

PT-2022-4744 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.2.0 through 6.2.11 FortiOS versions 6.4.0 through 6.4.8 FortiOS versions 7.0.0 through 7.0.5 Description: The issue is related to improper access control, allowing an authenticated attacker with a restricted user profile to...

4.3CVSS4.3AI score0.00472EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/07/18 12:0 a.m.11 views

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

8.8CVSS6.8AI score0.00876EPSS
Exploits0References2
CVE
CVE
added 2022/07/18 12:0 a.m.74 views

CVE-2022-26117

FortiNAC contains an empty password vulnerability in its configuration file that could allow an authenticated attacker to access the MySQL databases via the CLI. Affected FortiNAC versions include 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, ...

8.8CVSS8.5AI score0.00876EPSS
Exploits0References2Affected Software1
Citrix
Citrix
added 2022/06/24 12:0 a.m.7 views

Unable to access ADC GUI while CLI is accessible.

ADC GUI is inaccessible. Ping and CLI is working. /Var folder was normal. Internal services are UP. GUI is enabled for NSIPif not use command : set ns ip -gui enabled...

7.3AI score
Exploits0
CNVD
CNVD
added 2022/05/19 12:0 a.m.17 views

Fidelis Network Deception Command Injection Vulnerability (CNVD-2022-59171)

Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a faulty remotetextfile in rconfig, to detect threats and prevent data loss, detect malicious behavior, identify traffic...

8.8CVSS2.2AI score0.0115EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/19 12:0 a.m.27 views

Fidelis Network Deception has an unspecified vulnerability (CNVD-2022-59167)

Fidelis Network Deception is a security product from Fidelis USA, Inc. It is used to detect threats and prevent data loss, with features such as detecting malicious behavior, identifying traffic anomalies, and automatically responding to advanced threats.A security vulnerability exists in version...

7.8CVSS2AI score0.00375EPSS
Exploits1References1
OSV
OSV
added 2022/05/17 8:15 p.m.2 views

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

8.8CVSS7.3AI score0.01342EPSS
Exploits0References1
Prion
Prion
added 2022/05/17 8:15 p.m.11 views

Design/Logic Flaw

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

9CVSS8.5AI score0.01342EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.6 views

Fidelis Network Deception 命令注入漏洞

Fidelis Network Deception is a security product from Fidelis USA. A security vulnerability exists in versions prior to Fidelis Network Deception 9.4.5, which stems from a faulty remotetextfile in rconfig, to detect threats and prevent data loss, detect malicious behavior, identify traffic...

8.8CVSS5.6AI score0.0115EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:30 p.m.5 views

CVE-2022-24388

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network...

9CVSS7.3AI score0.01342EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.4 views

Cisco Ultra Cloud Core 安全漏洞

Cisco Ultra Cloud Core is a Kubernetes-based solution from Cisco. It provides a common execution environment for Cisco's container-based 5G applications. A security vulnerability exists in Cisco Ultra Cloud Core that allows an authenticated, local attacker to exploit the vulnerability to escalate...

7.8CVSS7.8AI score0.00253EPSS
Exploits0References5
NVD
NVD
added 2021/10/19 7:15 p.m.18 views

CVE-2021-31358

A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...

7.8CVSS0.00624EPSS
Exploits0References1
Prion
Prion
added 2021/10/19 7:15 p.m.19 views

Command injection

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...

7.2CVSS8AI score0.0087EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/19 6:16 p.m.56 views

CVE-2021-31357

CVE-2021-31357 describes a command-injection vulnerability in Juniper Networks Junos OS Evolved specifically in the tcpdump command processing. The issue allows an attacker with authenticated CLI access to bypass CLI command restrictions and execute arbitrary shell commands within the current use...

7.8CVSS8AI score0.00631EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 6:16 p.m.27 views

CVE-2021-31356 Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts

A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an...

7.8CVSS8.1AI score0.0087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/10/19 12:0 a.m.5 views

PT-2021-19256 · Juniper Networks · Junos Evolved

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.4R3-S1-EVO Juniper Networks Junos OS Evolved versions 21.1-EVO and 21.2-EVO Description: A command injection issue in command processing allows an attacker with authenticated CLI access t...

7.8CVSS8.1AI score0.0087EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/05/21 12:0 a.m.27 views

Cisco Firepower Management Center Information Disclosure (cisco-sa-fmc-infodisc-RJdktM6f)

The version of Cisco Firepower Management Center installed on the remote host is prior to 6.7.0. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-fmc-infodisc-RJdktM6f advisory. Specifically, a vulnerability in the storage of proxy server credentials of Cisco Firepower...

5.5CVSS5.8AI score0.00259EPSS
Exploits0References4
Prion
Prion
added 2021/05/06 1:15 p.m.17 views

Design/Logic Flaw

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance SMA could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An...

7.2CVSS6.9AI score0.00275EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/04/13 4:15 p.m.22 views

Improper access control

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0TY.T6...

5CVSS9.3AI score0.01002EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/24 8:15 p.m.30 views

CVE-2021-1375 Cisco IOS XE Software Fast Reload Vulnerabilities

Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...

6.7CVSS6.9AI score0.00232EPSS
Exploits0References1
Rows per page
Query Builder