CVE-2018-0433

A vulnerability in the command-line interface CLI in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...

Input validation

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

Design/Logic Flaw

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

CVE-2018-0453 Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

CVE-2018-0477 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

CVE-2018-0453 Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

CVE-2018-0481 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

CVE-2018-0453

Cisco Firepower Management Center and Firepower System Software (FTD sensors) are affected by CVE-2018-0453. The issue stems from insufficient validation of CLI commands sent via the Sourcefire tunnel control channel, allowing an authenticated, local attacker with root privileges on at least one ...

CVE-2018-0433 Cisco SD-WAN Solution Command Injection Vulnerability

A vulnerability in the command-line interface CLI in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability ...

CVE-2018-0481 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

CVE-2018-0477

The CVE-2018-0477 entry describes a local, command-injection vulnerability in the CLI parser of Cisco IOS XE Software. An authenticated attacker with Privilege Level 15 can exploit improper sanitization of CLI command arguments to access internal data structures and execute arbitrary root command...

CVE-2018-0481

The CVE-2018-0481 issue is a vulnerability in the Cisco IOS XE Software CLI parser that allows a locally authenticated attacker with privileged EXEC access to inject and run arbitrary commands as root on the device’s Linux shell. Root cause: improper sanitization of CLI command arguments, allowin...

CVE-2018-15368

CVE-2018-15368 is Cisco IOS XE Software Privileged EXEC Mode Root Shell Access. The issue arises in the CLI parser: under authenticated local access (privilege level 15) an attacker can send crafted CLI commands that bypass argument sanitization and modify the underlying Linux filesystem, gaining...

CVE-2018-0433

CVE-2018-0433 describes a local, authenticated command-injection vulnerability in the Cisco SD-WAN Solution CLI caused by insufficient input validation. Affected: Cisco SD-WAN Solution (CLI) on eligible devices; an attacker who can authenticate to the CLI can craft input that leads to arbitrary c...

CVE-2018-0477 Cisco IOS XE Software Command Injection Vulnerabilities

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, faili...

CVE-2018-15368 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

Cisco Firepower Management Center and Firepower System Software Sourcefire Tunnel Control Channel Command Execution Vulnerability

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense FTD sensors could allow an authenticated, local attacker to execute specific CLI commands with root privileges on the Cisco Firepower Management Center FM...

RHEL 7 : ceph-iscsi-cli (RHSA-2018:2838)

An update for ceph-iscsi-cli is now available for Red Hat Ceph Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...