Lucene search
+L

113 matches found

ATTACKERKB
ATTACKERKB
added 2021/12/08 7:15 p.m.4 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

9.8CVSS7.5AI score0.01445EPSS
Exploits0References2
OSV
OSV
added 2021/12/08 7:15 p.m.6 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

9.8CVSS7.4AI score0.01445EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/12/08 6:46 p.m.30 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of...

7.3CVSS9.9AI score0.01445EPSS
Exploits0References1
CVE
CVE
added 2021/12/08 6:46 p.m.59 views

CVE-2021-41025

CVE-2021-41025 affects Fortinet FortiWeb’s confd authentication mechanism. Affected FortiWeb versions include 6.0.0–6.0.7, 6.1.0–6.1.2, 6.2.0–6.2.6, 6.3.0–6.3.15, 6.4.0–6.4.1. The issue comprises concurrent execution using a shared resource with improper synchronization and an authentication bypa...

9.8CVSS9.8AI score0.01445EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/08/04 6:15 p.m.8 views

CVE-2021-1572

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS6AI score0.00247EPSS
Exploits0References2
NVD
NVD
added 2021/08/04 6:15 p.m.29 views

CVE-2021-1572

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS0.00247EPSS
Exploits0References2
Prion
Prion
added 2021/08/04 6:15 p.m.31 views

Design/Logic Flaw

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

6.9CVSS7.9AI score0.00247EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2021/08/04 5:20 p.m.74 views

CVE-2021-1572

The CVE-2021-1572 issue affects Cisco ConfD CLI Secure Shell Server Privilege Escalation, impacting ConfD (and NSO/ConfD options) where the built‑in SSH server handles the SFTP service at the privilege level of the running account (often root). An authenticated, local attacker with a valid accoun...

7.8CVSS7.9AI score0.00247EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2021/08/04 5:20 p.m.13 views

CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS7.5AI score0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/04 5:20 p.m.34 views

CVE-2021-1572 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exist...

7.8CVSS8.1AI score0.00247EPSS
Exploits0References2
Cisco
Cisco
added 2021/08/04 4:0 p.m.92 views

ConfD CLI Secure Shell Server Privilege Escalation Vulnerability

A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device. The vulnerability exis...

7.8CVSS8.1AI score0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/04 12:0 a.m.5 views

Cisco ConfD 安全漏洞

Cisco ConfD is a management software from Cisco USA. A security vulnerability exists in Cisco ConfD that stems from the affected software incorrectly running SFTP user services with a privileged user enabled CLI when ConfD's built-in SSH server is running. The vulnerability allows an authenticate...

7.8CVSS7.8AI score0.00247EPSS
Exploits0References5
0day.today
0day.today
added 2018/03/05 12:0 a.m.60 views

Sophos UTM 9.410 - (loginuser) (confd) Service Privilege Escalation Vulnerability

Exploit for linux platform in category local exploits Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1. Vulnerability Details Affected Vendor: Sophos Affected...

6.5AI score
Exploits0
exploitpack
exploitpack
added 2018/03/05 12:0 a.m.36 views

Sophos UTM 9.410 - loginuser confd Service Privilege Escalation

Sophos UTM 9.410 - loginuser confd Service Privilege Escalation KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL:...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2018/03/05 12:0 a.m.42 views

Sophos UTM 9.410 - 'loginuser' 'confd' Service Privilege Escalation

KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1...

7.4AI score
Exploits0
KoreLogic Security
KoreLogic Security
added 2018/03/02 12:0 a.m.21 views

Sophos UTM 9 loginuser Privilege Escalation via confd Service

Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-306: Missing Authentication for Critical Function SID generation Impact: Privilege Escalation Attack vector: SSH 2. Vulnerability Description The...

7.3AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/01/19 12:0 a.m.6 views

Cisco Elastic Services Controller Information Disclosure Vulnerability (CNVD-2018-02370)

Cisco Elastic Services Controller ESC is an open source modular system from Cisco.ConfD server is one of the configuration management servers. An information disclosure vulnerability exists in the ConfD server in Cisco ESC, which stems from the program failing to adequately enforce security...

3.3CVSS5.9AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2018/01/18 6:29 a.m.16 views

CVE-2018-0106

A vulnerability in the ConfD server of the Cisco Elastic Services Controller ESC could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by...

3.3CVSS3.6AI score0.00296EPSS
Exploits0References2
Prion
Prion
added 2018/01/18 6:29 a.m.20 views

Design/Logic Flaw

A vulnerability in the ConfD server of the Cisco Elastic Services Controller ESC could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by...

2.1CVSS3.7AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2018/01/18 6:0 a.m.46 views

CVE-2018-0106

CVE-2018-0106 affects the Cisco Elastic Services Controller (ESC) and its embedded ConfD server . The vulnerability is due to insufficient security restrictions in the ConfD directory/file structure, enabling an unauthenticated, local attacker to view sensitive information on the targeted system....

3.3CVSS3.7AI score0.00296EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder