CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

n0where•added 2017/07/10 3:30 p.m.•18 views

AWS CIS Benchmark Tool: Prowler

Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1 . It covers hardening and security best practices for all regions related to: Identity and Access Management 24 checks Logging 8 checks Monitoring 15 checks...

7.5AI score

NVD•added 2017/07/06 12:29 a.m.•19 views

CVE-2017-6714

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

10CVSS9.8AI score0.042EPSS

Exploits0References2

NVD•added 2017/07/06 12:29 a.m.•27 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

8.2CVSS8.5AI score0.00787EPSS

Prion•added 2017/07/06 12:29 a.m.•17 views

Design/Logic Flaw

10CVSS9.7AI score0.042EPSS

Exploits0References2Affected Software1

OSV•added 2017/07/06 12:29 a.m.•2 views

CVE-2017-6707

8.2CVSS6.1AI score0.00787EPSS

CVE•added 2017/07/06 12:0 a.m.•61 views

CVE-2017-6707

CVE-2017-6707 affects Cisco StarOS CLI on ASR 5000/5500/5700 series and Cisco VPC Software. The issue stems from improper sanitization of CLI commands before they are inserted into Linux shell commands, allowing an authenticated local attacker to break out of the StarOS CLI and execute arbitrary ...

8.2CVSS8.5AI score0.00787EPSS

Cisco•added 2017/07/05 4:0 p.m.•20 views

Cisco Prime Network Information Disclosure Vulnerability

A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checking mechanisms in the...

5.5CVSS5.2AI score0.00312EPSS

Cisco•added 2017/07/05 4:0 p.m.•34 views

Cisco StarOS CLI Command Injection Vulnerability

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and...

8.2CVSS8.5AI score0.00787EPSS

OSV•added 2017/07/04 12:29 a.m.•3 views

CVE-2017-6719

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases:...

6.7CVSS6AI score

Prion•added 2017/07/04 12:29 a.m.•11 views

Code injection

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT...

7.2CVSS6.4AI score0.00375EPSS

NVD•added 2017/07/04 12:29 a.m.•11 views

CVE-2017-6718

7.2CVSS6.4AI score0.00375EPSS

CVE•added 2017/07/04 12:0 a.m.•53 views

CVE-2017-6718

CVE-2017-6718 affects Cisco IOS XR Software: a privilege-escalation flaw in the CLI caused by incorrect permissions on binary files, enabling an authenticated, local attacker to gain root privileges. Affected release: 6.2.1.BASE. Fixed releases: 6.2.11.3i.ROUT, 6.2.1.29i.ROUT, 6.2.1.26i.ROUT. Exp...

7.2CVSS6.4AI score0.00375EPSS

CVE•added 2017/07/04 12:0 a.m.•62 views

CVE-2017-6719

CVE-2017-6719 affects Cisco IOS XR Software CLI. A vulnerability due to insufficient input validation in a command processing path allows an authenticated, local attacker to execute arbitrary commands on the host OS with root privileges (Command Injection). Affected releases include 6.2.1.BASE; f...

7.2CVSS6.8AI score0.00712EPSS

n0where•added 2017/07/03 4:25 p.m.•18 views

AWS Auditing & Hardening Tool: Zeus

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...

0.1AI score

Node.js•added 2017/06/28 5:19 p.m.•22 views

Directory Traversal

Overview fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example Request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 hos...

5CVSS4.8AI score0.02005EPSS

Exploits1Affected Software1

CNVD•added 2017/06/26 12:0 a.m.•1 views

Cisco IOS XR Software Local Command Injection Vulnerability

Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. Cisco IOS XR Software has a security vulnerability in the CLI implementation, where an authenticated local attacker can execute arbitrary commands with root privileges on the host...

7.2CVSS7.3AI score0.00712EPSS