Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting AAA feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

Cisco IOS Security Vulnerabilities

Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Cisco IOS software and Cisco IOS XE, which stems from a vulnerability in the authentication, authorization, and billing AAA functionality that could allow an authenticated, remote...

CVE-2021-1438

A vulnerability in Cisco Wide Area Application Services WAAS Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute...

Cisco Wide Area Application Services Information Disclosure Vulnerability (CNVD-2021-37691)

Cisco Wide Area Application Services WAAS is a comprehensive WAN optimization solution that improves the performance of applications running in WAN environments, delivers video to branch offices and locally hosts branch office IT services. An information disclosure vulnerability exists in Cisco...

CVE-2021-1381

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

Design/Logic Flaw

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

CVE-2021-1381 Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

CVE-2021-1381

Cisco IOS XE Software contains a vulnerability due to insufficient command authorization restrictions that could allow an authenticated, high-privilege local attacker or an unauthenticated attacker with physical access to open a debugging console by executing commands on the hardware. The issue e...

CVE-2021-1381 Cisco IOS XE Software Active Debug Code Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could...

思科 Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that stems from insufficient...

Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...

CVE-2019-1842

A vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...

CVE-2019-1842

Cisco IOS XR Software contains a vulnerability in the SSH authentication flow that could allow an authenticated, remote attacker to login using two distinct usernames due to a logic error during SSH login. Exploitation requires a specific SSH sequence that presents two usernames; successful explo...

Cisco ASA and FWSM Security Advisories

Overview On October 9, 2013, Cisco released two security advisorieshttp://www.us-cert.gov/ncas/current-activity/2013/10/10/Cisco-Releases-Security-Advisories concerning multiple vulnerabilities within software for the following components: Cisco Adaptive Security Appliance ASA...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco-SA-20150202-CVE-2014-8013)

A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2014-8013

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service device reload via a long CLI command, aka Bug ID CSCur54182...

CVE-2014-8013

The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service device reload via a long CLI command, aka Bug ID CSCur54182...

CVE-2014-8013

CVE-2014-8013 concerns Cisco NX-OS TACACS+ command authorization where an authenticated, local attacker can cause a device reload by submitting very long CLI commands. The root cause is improper processing of long CLI inputs in the TACACS+ command-authorization feature. Impact is denial of servic...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability

A vulnerability in the TACACS+ command authorization feature of Cisco NX-OS Software could allow an authenticated, local attacker to cause the system to reset. The vulnerability is due to incorrect processing of very long command-line interface CLI commands by the TACACS+ command authorization...

Cisco NX-OS Software TACACS+ Command Authorization Vulnerability

A vulnerability in the TACACS+ command authorization code of Cisco NX-OS Software could allow an authenticated, local attacker to execute certain commands without TACACS+ server authorization. The vulnerability is due to the processing of certain commands when executed in a sequence. An attacker...