CVE-2023-44187 Junos OS Evolved: 'file copy' CLI command can disclose password to shell users

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. Th...

PT-2023-6330 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S10 Junos OS versions 19.2 prior to 19.2R3-S7 Junos OS versions 19.3 prior to 19.3R3-S8 Junos OS versions 19.4 prior to 19.4R3-S12 Junos OS versions 20.2 prior to 20.2R3-S8 Junos OS versions 20.4 prior to...

Command injection

An improper neutralization of special elements used in an os command 'OS Command Injection' vulnerability CWE-78 in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local...

CVE-2023-42788

An improper neutralization of special elements used in an os command 'OS Command Injection' vulnerability CWE-78 in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local...

CVE-2023-42788

An improper neutralization of special elements used in an os command 'OS Command Injection' vulnerability CWE-78 in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local...

PT-2023-5997 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: FortiManager & FortiAnalyzer version 7.4.0 FortiManager & FortiAnalyzer versions 7.2.0 through 7.2.3 FortiManager & FortiAnalyzer versions 7.0.0 through 7.0.8 FortiManager & FortiAnalyzer versions 6.4.0 through 6.4.12 FortiManager &...

CVE-2023-20237

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this...

Design/Logic Flaw

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this...

CVE-2023-20237

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this...

PT-2023-4616 · Cisco · Cisco Intersight Virtual Appliance

Name of the Vulnerable Software and Affected Versions: Cisco Intersight Virtual Appliance affected versions not specified Description: A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise...

Cisco Evolved Programmable Network Manager Stored Command Injection (cisco-sa-adeos-MLAyEcvk)

A vulnerability in the restricted shell of Cisco EPNM could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. This vulnerability is due to improper validation of parameters that are sent to a certain CLI command with...

Cisco NX-OS CLI Command Software Image Signature Verification (CVE-2019-1813)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not...

Cisco NX-OS CLI Command Software Image Signature Verification (CVE-2019-1812)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not...

Cisco NX-OS Software Virtualization Manager Command Injection (CVE-2019-12717)

A vulnerability in a CLI command related to the virtualization manager VMAN in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Shell Escape (CVE-2019-1591)

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

Cisco Unified Computing System Fabric Interconnect root Privilege Escalation (CVE-2019-1966)

A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

Cisco NX-OS CLI Command Software Image Signature Verification (CVE-2019-1811)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. The vulnerability exists because software digital signatures are not...

Cisco FXOS and NX-OS Software Sensitive File Read Information Disclosure (CVE-2019-1734)

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

CVE-2023-36838

An Out-of-bounds Read vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service DoS. If a low privileged user executes a specific CLI command, flowd which is responsible for...

CVE-2023-36838

An Out-of-bounds Read vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service DoS. If a low privileged user executes a specific CLI command, flowd which is responsible for...