Lucene search

7946 matches found

OSV
added 2017/07/06 12:29 a.m. | 2 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

CVSS: 8.2 | AI score: 6.1
Exploits: 0 | References: 3

NVD
added 2017/07/06 12:29 a.m. | 13 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

CVSS: 8.2 | AI score: 8.5 | EPSS: 0.00238
Exploits: 0 | References: 3

Prion
added 2017/07/06 12:29 a.m. | 16 views

Design/Logic Flaw

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS: 10 | AI score: 9.7 | EPSS: 0.01897
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/07/06 12:29 a.m. | 8 views

CVE-2017-6714

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS: 10 | AI score: 9.8 | EPSS: 0.01897
Exploits: 0 | References: 2

CVE
added 2017/07/06 12:0 a.m. | 61 views

CVE-2017-6707

CVE-2017-6707 affects Cisco StarOS CLI on ASR 5000/5500/5700 series and Cisco VPC Software. The issue stems from improper sanitization of CLI commands before they are inserted into Linux shell commands, allowing an authenticated local attacker to break out of the StarOS CLI and execute arbitrary ...

CVSS: 8.2 | AI score: 8.5 | EPSS: 0.00238
Exploits: 0 | References: 3 | Affected Software: 1

Cisco
added 2017/07/05 4:0 p.m. | 26 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and...

CVSS: 8.2 | AI score: 8.5 | EPSS: 0.00238
Exploits: 0 | References: 1

Cisco
added 2017/07/05 4:0 p.m. | 20 views

Cisco Prime Network Information Disclosure Vulnerability

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checking mechanisms in the...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00067
Exploits: 0 | References: 1

NVD
added 2017/07/04 12:29 a.m. | 11 views

CVE-2017-6718

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00079
Exploits: 0 | References: 3

Prion
added 2017/07/04 12:29 a.m. | 11 views

Code injection

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00079
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/07/04 12:29 a.m. | 3 views

CVE-2017-6719

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases:...

CVSS: 6.7 | AI score: 6
Exploits: 0 | References: 3

CVE
added 2017/07/04 12:0 a.m. | 51 views

CVE-2017-6718

CVE-2017-6718 affects Cisco IOS XR Software: a privilege-escalation flaw in the CLI caused by incorrect permissions on binary files, enabling an authenticated, local attacker to gain root privileges. Affected release: 6.2.1.BASE. Fixed releases: 6.2.11.3i.ROUT, 6.2.1.29i.ROUT, 6.2.1.26i.ROUT. Exp...

CVSS: 7.2 | AI score: 6.4 | EPSS: 0.00079
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/07/04 12:0 a.m. | 58 views

CVE-2017-6719

CVE-2017-6719 affects Cisco IOS XR Software CLI. A vulnerability due to insufficient input validation in a command processing path allows an authenticated, local attacker to execute arbitrary commands on the host OS with root privileges (Command Injection). Affected releases include 6.2.1.BASE; f...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00154
Exploits: 0 | References: 3 | Affected Software: 1

n0where
added 2017/07/03 4:25 p.m. | 17 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

AI score: 0.1
Exploits: 0 | References: 1

Node.js
added 2017/06/28 5:19 p.m. | 22 views

Directory Traversal

Overview: fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 hos...

CVSS: 5 | AI score: 4.8 | EPSS: 0.00533
Exploits: 1 | Affected Software: 1

CNVD
added 2017/06/26 12:0 a.m. | 1 views

Cisco IOS XR Software Local Command Injection Vulnerability

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. Cisco IOS XR Software has a security vulnerability in the CLI implementation, where an authenticated local attacker can execute arbitrary commands with root privileges on the host...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00154
Exploits: 0 | References: 1

Fedora
added 2017/06/25 9:23 p.m. | 12 views

[SECURITY] Fedora 25 Update: wireshark-2.2.7-1.fc25

Metapackage which installs wireshark-cli and wireshark-qt...

AI score: 2.1
Exploits: 0

OpenVAS
added 2017/06/22 12:0 a.m. | 22 views

Cisco IOS XR Software Privilege Escalation Vulnerability (cisco-sa-20170621-ios1)

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level.

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00079
Exploits: 0 | References: 1

Cisco
added 2017/06/21 4:0 p.m. | 23 views

Cisco IOS XR Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect permission settings on binary files in the affected software. An attacker could exploit this vulnerability by sending...

CVSS: 6.7 | AI score: 6.5 | EPSS: 0.00079
Exploits: 0 | References: 1

Citrix
added 2017/06/20 12:0 a.m. | 5 views

How do I Set Specific SSL Protocols on XenMobile Server 10.6

With our strong emphasis on security, the ability to specify the SSL protocols supported by XenMobile Server is critical to our customers to help them control which SSL protocols they allow to access XenMobile. With XenMobile Server 10.6, we introduce a new CLI option that allows the...

AI score: 6.9
Exploits: 0

CNVD
added 2017/06/15 12:0 a.m. | 1 views

Cisco Elastic Services Controller Default Administrator Credentials Vulnerability

Cisco Elastic Services Controller is a cloud and systems management solution. Cisco Elastic Services Controller has a security vulnerability in the ConfD CLI implementation that stems from the presence of a default, weak, hard-coded password for the admin user on the affected system. A remote...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00767
Exploits: 0 | References: 1