62 matches found
PT-2025-20270 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying...
Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-privesc-su7scvdp)
According to its self-reported version, Cisco IOS-XE Software is affected by multiple vulnerabilities. - A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an...
CVE-2024-20483 Cisco IOS XR PON Controller Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager Mongo...
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2023-1083 Welotec: improper access control in TK500v1 router series
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
CVE-2023-1083
CVE-2023-1083 affects Welotec TK500v1 industrial routers. An unauthenticated remote attacker who knows the MQTT topic name can manipulate the device: send/receive messages, GET/SET configuration commands, reboot, and firmware updates due to improper access control. This vulnerability is rated CVS...
CVE-2023-1083 Welotec: improper access control in TK500v1 router series
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
PT-2024-11934 · Mqtt · Mqtt
Name of the Vulnerable Software and Affected Versions: MQTT affected versions not specified Description: An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands, and firmware updates...
Studio will not open with error "A working 'Storefront' service could not be found"
Storefront is installed on the DDC. After successfully upgrading both Storefront servers to CVAD 2203 CU3, Studio fails to open with the following error. After clicking on "View Details" another error appears: "A working 'Storefront' service could not be found" Error Id: XDDS:E354580F Exception:...
CVE-2023-20048
A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...
CVE-2023-20048
A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...
CVE-2023-20048
A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...
PT-2023-6705 · Cisco · Cisco Firepower Management Center +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Management Center FMC Software affected versions not specified Description: A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execu...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
Improper access control
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
CVE-2022-20949
A vulnerability in the management web server of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
Design/Logic Flaw
A vulnerability in the management web server of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
Cisco Firepower Threat Defense Resource Management Error Vulnerability (CNVD-2022-78144)
Cisco Firepower Threat Defense FTD Software is a unified set of software from Cisco that provides next-generation firewall services.A resource management error vulnerability exists in Cisco Firepower Threat Defense FTD Software, which stems from its management web server Failure to properly...