Cisco TelePresence Collaboration Endpoint and RoomOS Audio Eavesdropping Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...

CVE-2019-1734

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

Design/Logic Flaw

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

CVE-2019-1734

CVE-2019-1734 affects Cisco FXOS and NX-OS Software. Root cause: incomplete RBAC verification in a CLI diagnostic command, allowing an authenticated, local attacker to arbitrarily read sensitive files with valid credentials. Impact: information disclosure; no exploitation details provided beyond ...

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

CVE-2019-15710

FortiExtender OS command injection affects versions prior to 4.1.2. In the FortiExtender CLI admin console, authenticated administrators can execute arbitrary system commands via specially crafted “execute date” inputs, due to improper input sanitization. The vulnerability is documented in Fortin...

CVE-2019-15710

An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes security vulnerability (CVE-2019-11247)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in Kubernetes API server that allows access to custom resources via wrong scope CVE-2019-11247. Vulnerability Details CVE-ID: CVE-2019-11247 Description: Kubernetes could allow a remote authenticated attacker to gain...

CVE-2010-0737

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

Input validation

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user...

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Python security vulnerability (CVE-2019-10160)

Summary IBM Cloud Kubernetes Service is vulnerable to CVE-2019-10160 Python security vulnerability which could allow a remote attacker to obtain sensitive information, caused by improper unicode encoding handling. Vulnerability Details CVE-ID: CVE-2019-10160 Description: Python...

UPDATE: FactionC2 2019-10-20

PenTestIT RSS Feed FactionC2 2019-10-20 was released a couple of days ago by the author. This C2 framework was briefly mentioned in my previous post titled List of Open Source C2 Post-Exploitation Frameworks. This release most importantly contains upgrades to .Net Core 3 version among additional...

Moxa EDR-810 Command Injection / Information Disclosure

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

Moxa EDR-810 - Command Injection / Information Disclosure Vulnerabilities

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

Moxa EDR-810 - Command Injection / Information Disclosure

During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...

Cisco FXOS Software Command Injection Vulnerability (CVE-2019-1779)

According to its self-reported version, Cisco FXOS Software is affected by the vulnerability that allows an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device with elevated privileges. The vulnerability is due to insufficient...

CVE-2019-15273

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

Design/Logic Flaw

Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to overwrite arbitrary files. The vulnerabilities are due to insufficient permission enforcement. An attacker could exploit these vulnerabilities by...

CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

CVE-2019-15962

CVE-2019-15962 describes a local arbitrary file write vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software. The root cause is improper permission assignment in the CLI, allowing an authenticated, local attacker to log in as the remotesupport user and write files to the /root d...