Lucene search

361 matches found

Vulnrichment
added 2021/03/24 8:7 p.m. · 17 views

CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 · AI score 7 · EPSS 0.0003
Exploits: 0 · References: 1

Cvelist
added 2021/03/24 8:7 p.m. · 21 views

CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 · AI score 7.9 · EPSS 0.0003
Exploits: 0 · References: 1

Cisco
added 2021/03/24 4:0 p.m. · 125 views

Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability

A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...

CVSS 7.8 · AI score 7.7 · EPSS 0.0003
Exploits: 0 · References: 1

Cisco
added 2021/03/24 4:0 p.m. · 63 views

Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...

CVSS 4.4 · AI score 1.4 · EPSS 0.00069
Exploits: 0 · References: 1

Cisco
added 2021/03/24 4:0 p.m. · 55 views

Cisco IOS XE Software Local Privilege Escalation Vulnerability

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...

CVSS 5.1 · AI score 6.3 · EPSS 0.0004
Exploits: 0 · References: 1

Cvelist
added 2021/02/04 4:40 p.m. · 10 views

CVE-2021-1370 Cisco IOS XR Software for Cisco 8000 Series Routers and Network Convergence System 540 Series Routers Privilege Escalation Vulnerability

A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker...

CVSS 7.8 · AI score 7.9 · EPSS 0.00077
Exploits: 0 · References: 1

Prion
added 2021/01/15 6:15 p.m. · 23 views

Memory corruption

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An...

CVSS 2.9 · AI score 6.5 · EPSS 0.00107
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2021/01/15 6:15 p.m. · 14 views

Heap overflow

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak...

CVSS 5 · AI score 7.5 · EPSS 0.00389
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2021/01/15 6:15 p.m. · 11 views

Command injection

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user execute...

CVSS 7.2 · AI score 7.8 · EPSS 0.00349
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/01/15 5:35 p.m. · 10 views

CVE-2021-0215 Junos OS: EX Series, QFX Series, SRX Branch Series, MX Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. An...

CVSS 6.5 · AI score 6.7 · EPSS 0.00107
Exploits: 1 · References: 1

Cvelist
added 2021/01/15 5:35 p.m. · 14 views

CVE-2021-0202 Junos OS: MX Series, EX9200 Series: Trio-based MPC memory leak when Integrated Routing and Bridging (IRB) interface is mapped to a VPLS instance or a Bridge-Domain

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a VPLS instance or a Bridge-Domain, certain network events at Customer Edge (CE) device may cause memory leak...

CVSS 7.5 · AI score 7.7 · EPSS 0.00389
Exploits: 0 · References: 1

Positive Technologies
added 2021/01/13 12:0 a.m. · 2 views

PT-2021-2135 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos versions 17.3R3-S8 through 17.4R3-S2; Junos versions 18.2R3-S4 through 18.2R3-S5; Junos versions 18.3R3-S2 through 18.3R3-S3; Junos versions 18.4R3-S1 through 18.4R3-S6; Junos versions 19.2R2 through 19.2R3-S1; Junos versions 19.4R2 through...

CVSS 7.8 · AI score 7.4 · EPSS 0.00389
Exploits: 0 · References: 6

OSV
added 2020/09/04 3:15 a.m. · 0 views

CVE-2020-3530

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

CVSS 8.4 · AI score 7.2
Exploits: 0 · References: 1

Vulnrichment
added 2020/09/04 2:25 a.m. · 8 views

CVE-2020-3530 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...

CVSS 8.4 · AI score 7 · EPSS 0.0003
Exploits: 0 · References: 1

Cvelist
added 2020/08/27 3:40 p.m. · 19 views

CVE-2020-3504 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...

CVSS 3.3 · AI score 4.2 · EPSS 0.00168
Exploits: 0 · References: 1

CVE
added 2020/07/17 6:40 p.m. · 50 views

CVE-2020-1643

CVE-2020-1643 affects Juniper Networks Junos OS on EX2300/EX3400 devices with ARM processors. The issue arises when executing specific CLI commands (show ospf interface extensive/detail) with OSPF authentication enabled, which can crash the routing protocols daemon (RPD) and cause a DoS through r...

CVSS 5.5 · AI score 5.6 · EPSS 0.00139
Exploits: 0 · References: 1 · Affected Software: 1

Tenable Nessus
added 2020/04/16 12:0 a.m. · 28 views

Cisco Unified Computing System Fabric Interconnect Root Privilege Escalation (cisco-sa-20190828-ucs-privescalation)

According to its self-reported version, Cisco NX-OS Software on Cisco Unified Computing System Fabric Interconnects is affected by a vulnerability in a specific CLI command within the local management (local-mgmt) context due to extraneous subcommand options. An authenticated, local attacker can...

CVSS 7.8 · AI score 7.5 · EPSS 0.00232
Exploits: 0 · References: 4

Tenable Nessus
added 2020/03/13 12:0 a.m. · 20 views

Cisco ASA Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...

CVSS 7.8 · AI score 7.7 · EPSS 0.00174
Exploits: 0 · References: 3

Tenable Nessus
added 2020/03/13 12:0 a.m. · 21 views

Cisco FTD Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)

According to its self-reported version, Cisco FTD Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...

CVSS 7.8 · AI score 7.7 · EPSS 0.00174
Exploits: 0 · References: 3

Tenable Nessus
added 2019/12/18 12:0 a.m. · 26 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

According to its self-reported version, Cisco NX-OS Software is affected by the following vulnerability: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The...

CVSS 7.2 · AI score 6.3 · EPSS 0.00086
Exploits: 0 · References: 4