8005 matches found
Command injection
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...
Input validation
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...
CVE-2021-1382
Cisco IOS XE SD-WAN Software is affected by a local command-injection vulnerability in the CLI due to insufficient input validation on certain commands. An authenticated administrative user can submit crafted input to the CLI to execute arbitrary commands with root privileges. Cisco has released ...
CVE-2021-1383 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
CVE-2021-1383
Cisco IOS XE SD-WAN Software is affected by a parameter-injection vulnerability due to insufficient input validation of certain CLI commands. An authenticated, local attacker with administrative privileges could submit crafted CLI input to gain access to the underlying operating system with root ...
CVE-2021-1392 Cisco IOS and IOS XE Software Common Industrial Protocol Privilege Escalation Vulnerability
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because...
CVE-2021-1454
Cisco IOS XE SD-WAN Software exposes Parameter Injection vulnerabilities in the CLI. An authenticated administrator can submit crafted CLI input to gain root access to the underlying OS on affected devices. Root cause is insufficient input validation of certain CLI commands. Cisco has released so...
CVE-2021-1454 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
CVE-2021-1434 Cisco IOS XE SD-WAN Software Arbitrary File Corruption Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...
CVE-2021-1434
CVE-2021-1434 affects Cisco IOS XE SD-WAN Software. The CLI contains insufficient validation of parameters for a specific command, enabling an authenticated, local attacker to overwrite arbitrary files on the underlying host file system. Exploitation requires issuing the crafted CLI command with ...
CVE-2021-1432 Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...
Cisco IOS XE SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An...
Cisco IOS XE Software Local Privilege Escalation Vulnerability
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This...
Cisco Aironet Access Points Arbitrary File Overwrite Vulnerability
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...
Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected device. The vulnerability is due to insufficient protection of...
Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...