Cisco SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain C...
Cisco IOS and Cisco IOS XE Software Security Vulnerability
Cisco IOS and Cisco IOS XE Software are both products of Cisco, a U.S. company. Cisco IOS is a set of operating systems developed for its network devices. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network...
PT-2021-4320 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS and Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the TrustSec CLI parser could allow an authenticated, remote attacker to cause an affected device to reload due to an improper interaction...
Cisco SD-WAN Software Information Disclosure (cisco-sa-sd-wan-Fhqh8pKX)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file acces...
@asyncapi/cli (>=0.21.0 <=0.27.3), @asyncapi/dotnet-nats-template (>=0.2.0 <=0.8.4) +9 more potentially affected by CVE-2023-23619 via @asyncapi/modelina (>=0.11.0 <=0.9.0)
@asyncapi/modelina NPM version =0.11.0, =0.21.0, =0.2.0, =0.1.8, =0.3.33, =0.4.0, =0.0.1, =0.0.1, =0.1.0, =0.1.7 Source cves: CVE-2023-23619 Source advisory: OSV:GHSA-4JG2-84C2-PJ95...
@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)
ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...
@agreejs/cli (>=0.0.2 <=3.2.43), @agreejs/h5-runner (=3.2.1) +116 more potentially affected by CVE-2021-3804 via @tarojs/helper (>=2.2.0-beta.0 <=3.3.8)
@tarojs/helper NPM version =2.2.0-beta.0, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =0.0.5, =2.2.13, =2.2.14 and more Source cves: CVE-2021-3804 Source advisory: OSV:GHSA-468Q-V4JJ-485H...
Arista Networks MOS Encryption Issue Vulnerability
Arista Networks MOS is a fully programmable and highly modular Linux-based network operating system from Arista Networks, Inc. that uses the familiar industry-standard CLI and runs a single binary software image in the Arista switch family. The vulnerability stems from the fact that the product...
Inefficient Regular Expression Complexity in jaywcjlove/colors-cli
✍️ Description The colors-cli package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted input to the ansi-regex functionality may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. The ReDOS i...
CVE-2021-34719
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-34722
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details sectio...
CVE-2021-34721
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details sectio...
Design/Logic Flaw
A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this...
Design/Logic Flaw
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-34771
CVE-2021-34771 affects Cisco IOS XR Software (CLI). The issue stems from insufficient restrictions during execution of a specific command, allowing an authenticated, local attacker to view sensitive configuration information beyond their privileges. Impact is information disclosure (confidentiali...
CVE-2021-34728
CVE-2021-34728 refers to multiple privilege-escalation flaws in Cisco IOS XR Software CLI. An authenticated, local attacker with a low-privileged account can elevate privileges on affected devices, potentially achieving root access. The vulnerabilities affect the CLI handling and are addressed by...