Design/Logic Flaw

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

CVE-2021-1381 Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

CVE-2021-1381 Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

CVE-2021-1381

Cisco IOS XE Software contains a vulnerability due to insufficient command authorization restrictions that could allow an authenticated, high-privilege local attacker or an unauthenticated attacker with physical access to open a debugging console by executing commands on the hardware. The issue e...

CVE-2019-1842

A vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...

Cisco ASA and FWSM Security Advisories

Overview On October 9, 2013, Cisco released two security advisorieshttp://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco-SA-20150202-CVE-2014-8013)

A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability

A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. The vulnerability is due to incorrect processing of very long command-line interface CLI commands by the TACACS+ command authorization...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability

A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco-SA-20140123-CVE-2014-0676)

A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced...

Cisco IOS Software Command Authorization Bypass

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...

CVE-2006-0485

The TCL shell in Cisco IOS 12.214S before 12.214S16, 12.218S before 12.218S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting AAA command authorization checks, which may allow local users to execute IOS EXEC commands that were...