7992 matches found

Vulnrichment
added 2019/03/08 8:0 p.m. | 11 views

CVE-2019-1607 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 7.2 | EPSS 0.00463
Exploits: 0 | References: 2

CVE
added 2019/03/08 8:0 p.m. | 65 views

CVE-2019-1606

The CVE-2019-1606 entry describes a Cisco NX-OS CLI command-injection vulnerability. Affected products are Nexus 3000, 3500, and Nexus 9000 Series switches operating in Standalone NX-OS mode, with vulnerable versions prior to 7.0(3)I7(4). The flaw arises from insufficient validation of arguments ...

CVSS 7.8 | AI score 6.5 | EPSS 0.00487
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2019/03/08 8:0 p.m. | 13 views

CVE-2019-1606 Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 5.3 | AI score 7.2 | EPSS 0.00487
Exploits: 0 | References: 2

CVE
added 2019/03/08 8:0 p.m. | 56 views

CVE-2019-1607

CVE-2019-1607 is a Cisco NX-OS CLI command injection vulnerability. It stems from insufficient validation of arguments passed to certain CLI commands, allowing an authenticated, local attacker with administrator credentials to run arbitrary OS commands with elevated privileges. Affected products ...

CVSS 7.2 | AI score 5.7 | EPSS 0.00463
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/03/08 7:29 p.m. | 2 views

CVE-2019-1603

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to escalate lower-level privileges to the administrator level. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the...

CVSS 7.8 | AI score 7.1
Exploits: 0 | References: 2

Prion
added 2019/03/08 7:29 p.m. | 14 views

Input validation

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive data that could be used to elevate their privileges to administrator. The vulnerability is due to improper implementation of filesystem permissions. An attacker...

CVSS 7.2 | AI score 7.3 | EPSS 0.00372
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/03/08 7:0 p.m. | 55 views

CVE-2019-1603

CVE-2019-1603 affects Cisco NX-OS Software CLI. An authenticated, local attacker can escalate privileges due to insufficient authorization enforcement, enabling changes at the administrator level. Affected: Nexus 3000 series (before 7.0(3)I7(4)), Nexus 3500/3600 platforms (before 7.0(3)I7(4)/7.0(...

CVSS 7.8 | AI score 7.7 | EPSS 0.0031
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/07 7:0 p.m. | 17 views

CVE-2019-3781 CF CLI does not sanitize user's password in verbose/trace/debug

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

CVSS 8.2 | AI score 8.5 | EPSS 0.01329
Exploits: 0 | References: 2

CVE
added 2019/03/07 7:0 p.m. | 60 views

CVE-2019-3781

CVE-2019-3781 affects Cloud Foundry CLI (cf-cli) prior to version 6.43.0. The root cause is improper redaction of passwords in verbose/trace/debug logging, enabling either local or remote attackers with log access to obtain part or all of a user’s password. Public docs from SUSE and OSV confirm t...

CVSS 8.8 | AI score 8.3 | EPSS 0.01329
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/03/07 6:29 p.m. | 15 views

Default credentials

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

CVSS 3.5 | AI score 8.4 | EPSS 0.01329
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2019/03/07 6:29 p.m. | 12 views

CVE-2019-3781

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

CVSS 8.8 | AI score 6.6 | EPSS 0.01329
Exploits: 0 | References: 2

NVD
added 2019/03/07 6:29 p.m. | 17 views

CVE-2019-3781

Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passwords when verbose/trace/debugging is turned on. A local unauthenticated or remote authenticated malicious user with access to logs may gain part or all of a user's password...

CVSS 8.8 | AI score 8.1 | EPSS 0.01329
Exploits: 0 | References: 2

Exploit DB
added 2019/03/07 12:0 a.m. | 58 views

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Imperva SecureSphere PWS Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Imperva SecureSphere...

AI score 7.4
Exploits: 0

Prion
added 2019/03/06 10:29 p.m. | 17 views

Input validation

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

CVSS 7.2 | AI score 7.8 | EPSS 0.00499
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2019/03/06 10:29 p.m. | 16 views

CVE-2019-1591

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...

CVSS 7.8 | AI score 7.9 | EPSS 0.00499
Exploits: 0 | References: 2

CVE
added 2019/03/06 10:0 p.m. | 56 views

CVE-2019-1591

CVE-2019-1591 affects Cisco Nexus 9000 Series switches in ACI Mode. The flaw is due to insufficient sanitization of user input in a specific CLI command, which allows an authenticated, local attacker to escape the restricted shell and execute arbitrary commands with root-level privileges. Affected devic...

CVSS 7.8 | AI score 7.8 | EPSS 0.00499
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2019/03/06 4:0 p.m. | 90 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1612)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00894
Exploits: 1 | References: 1

Cisco
added 2019/03/06 4:0 p.m. | 92 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1606)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 5.3 | AI score 2.2 | EPSS 0.00894
Exploits: 1 | References: 1

Cisco
added 2019/03/06 4:0 p.m. | 69 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1608)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00894
Exploits: 1 | References: 1

Cisco
added 2019/03/06 4:0 p.m. | 61 views

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2019-1607)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...

CVSS 4.2 | AI score 2.2 | EPSS 0.00894
Exploits: 1 | References: 1