7988 matches found
Input validation
A vulnerability in the command-line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input...
CVE-2019-12699
CVE-2019-12699 concerns Cisco FXOS Software and Firepower Threat Defense (FTD) CLI command injection vulnerabilities due to insufficient input validation. An authenticated, local attacker could exploit crafted arguments to specific CLI commands to execute arbitrary OS commands with root privilege...
CVE-2019-12699 Cisco FXOS Software and Firepower Threat Defense Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute commands on the underlying operating system (OS) with root privileges. These vulnerabilities are due to insufficient input validation. A...
CVE-2019-12694
Cisco Firepower Threat Defense (FTD) Software has a local command-injection vulnerability in the CLI. An authenticated, local attacker with administrative privileges can exploit insufficient input validation to execute commands on the underlying OS with root privileges. The issue affects multiple...
Cisco Firepower Threat Defense Software Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input...
Denial Of Service (DoS)
github.com/docker/cli is vulnerable to denial of service. The vulnerability exists because it was possible to trigger a billion laughs attack by parsing a malicious YAML file, causing an application crash...
Command Injection in Zingbox Inspector
A command injection vulnerability exists in the Zingbox Inspector CLI that allows an authenticated user to execute arbitrary system commands. Ref: CVE-2019-15014. The vulnerability allows authenticated users to execute arbitrary commands within the product CLI console. This issue affects...
Tenant authentication bypass in Zingbox Inspector
A security vulnerability exists in the Zingbox Inspector where authentication is not required when binding the Inspector instance to a different customer tenant. Ref: CVE-2019-15018. The vulnerability allows a user to bind the Zingbox Inspector to another tenant, which can impact the functionality...
Cisco Small Business 220 Series - Multiple Vulnerabilities
#!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...
Cisco ASR 9000 Series Cisco IOS XR Command Injection Vulnerability
The Cisco ASR 9000 Series is a line of enterprise routers from Cisco, Inc. Cisco IOS XR is an operating system developed by Cisco for its network devices. A command injection vulnerability exists in Cisco IOS XR 5.1.0 and later in the Cisco ASR 9000 Series, which stems from a program that does...
Cisco IOS XE ASIC Register Write Vulnerability
Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. An ASIC register write vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from improper input validation and authorization of specific commands that a user can execute in the CLI. An...
CVE-2019-12717
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...
CVE-2019-12709
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...
CVE-2019-12709
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...
Input validation
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The...
Input validation
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to write values to the underlying memory of an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An...
Input validation
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...
CVE-2019-12717
CVE-2019-12717 affects Cisco NX-OS Software via a VMAN CLI command injection vulnerability. The root cause is insufficient validation of arguments passed to a specific VMAN CLI command, allowing an authenticated, local attacker (with administrator credentials) to run arbitrary commands on the und...
CVE-2019-12717 Cisco NX-OS Software Virtualization Manager Command Injection Vulnerability
A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of...
CVE-2019-12660
CVE-2019-12660 describes a vulnerability in the CLI of Cisco IOS XE Software where an authenticated, local attacker can write to the device’s memory due to improper input validation and command authorization. The attack could enable modification of the device configuration, leading to an insecure...