
7988 matches found

Prion
added 2018/10/05 2:29 p.m. | 14 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00112
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2018/10/05 2:29 p.m. | 17 views

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/05 2:0 p.m. | 22 views

CVE-2018-0481 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 2

Vulnrichment
added 2018/10/05 2:0 p.m. | 8 views

CVE-2018-0433 Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...

AI score: 7.1 | EPSS: 0.00098
Exploits: 0 | References: 2

Vulnrichment
added 2018/10/05 2:0 p.m. | 10 views

CVE-2018-0477 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

AI score: 7.7 | EPSS: 0.00041
Exploits: 0 | References: 2

CVE
added 2018/10/05 2:0 p.m. | 81 views

CVE-2018-15368

CVE-2018-15368 is Cisco IOS XE Software Privileged EXEC Mode Root Shell Access. The issue arises in the CLI parser: under authenticated local access (privilege level 15) an attacker can send crafted CLI commands that bypass argument sanitization and modify the underlying Linux filesystem, gaining...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00112
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2018/10/05 2:0 p.m. | 83 views

CVE-2018-0481

The CVE-2018-0481 issue is a vulnerability in the Cisco IOS XE Software CLI parser that allows a locally authenticated attacker with privileged EXEC access to inject and run arbitrary commands as root on the device’s Linux shell. Root cause: improper sanitization of CLI command arguments, allowin...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2018/10/05 2:0 p.m. | 43 views

CVE-2018-0433

CVE-2018-0433 describes a local, authenticated command-injection vulnerability in the Cisco SD-WAN Solution CLI caused by insufficient input validation. Affected: Cisco SD-WAN Solution (CLI) on eligible devices; an attacker who can authenticate to the CLI can craft input that leads to arbitrary c...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00098
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/10/05 2:0 p.m. | 21 views

CVE-2018-0477 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 2

CVE
added 2018/10/05 2:0 p.m. | 80 views

CVE-2018-0477

The CVE-2018-0477 entry describes a local, command-injection vulnerability in the CLI parser of Cisco IOS XE Software. An authenticated attacker with Privilege Level 15 can exploit improper sanitization of CLI command arguments to access internal data structures and execute arbitrary root command...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2018/10/05 2:0 p.m. | 60 views

CVE-2018-0453

Cisco Firepower Management Center and Firepower System Software (FTD sensors) are affected by CVE-2018-0453. The issue stems from insufficient validation of CLI commands sent via the Sourcefire tunnel control channel, allowing an authenticated, local attacker with root privileges on at least one ...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.00131
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/10/05 2:0 p.m. | 35 views

CVE-2018-15368 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

AI score: 7 | EPSS: 0.00112
Exploits: 0 | References: 1

Vulnrichment
added 2018/10/05 2:0 p.m. | 7 views

CVE-2018-0481 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...

AI score: 7.7 | EPSS: 0.00041
Exploits: 0 | References: 2

Vulnrichment
added 2018/10/05 2:0 p.m. | 10 views

CVE-2018-0453 Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

AI score: 7.1 | EPSS: 0.00131
Exploits: 0 | References: 1

Cvelist
added 2018/10/05 2:0 p.m. | 24 views

CVE-2018-0453 Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

AI score: 8.2 | EPSS: 0.00131
Exploits: 0 | References: 1

Cisco
added 2018/10/03 4:0 p.m. | 35 views

Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.00131
Exploits: 0 | References: 1

Tenable Nessus
added 2018/10/03 12:0 a.m. | 24 views

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2838)

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 10 | AI score: 8.7 | EPSS: 0.57068
Exploits: 1 | References: 4

Tenable Nessus
added 2018/10/02 12:0 a.m. | 34 views

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2837)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2837 advisory. ceph-iscsi-cli provides a CLI interface similar to the targetcli tool used to interact with the kernel LIO subsystem. Security Fixes: It was found th...

CVSS: 10 | AI score: 8.8 | EPSS: 0.57068
Exploits: 1 | References: 6

RedHat Linux
added 2018/10/01 3:14 p.m. | 1 view

ceph-iscsi-cli: rbd-target-api service runs in debug mode allowing for remote command execution

It was found that rbd-target-api service provided by ceph-iscsi-cli was running in debug mode. An unauthenticated attacker could use this to remotely execute arbitrary code and escalate privileges...

CVSS: 10 | AI score: 6.1 | EPSS: 0.57068
Exploits: 1 | References: 5

RedHat Linux
added 2018/10/01 3:14 p.m. | 86 views

Critical: Red Hat Security Advisory: ceph-iscsi-cli security update

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 2.5 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 10 | AI score: 7.7 | EPSS: 0.57068
Exploits: 1 | References: 3