205 matches found
Cisco IOS XE Router Command Injection (cisco-sa-20190513-webui)
Binary data 700665.prm...
Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileg...
Cisco IOS XE Software Web UI Command Injection Vulnerability
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges...
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
Cisco has disclosed an unpatched, high-severity vulnerability that impacts millions of devices, in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation. Cisco has also disclosed a similarly widely-impacting high-severity bug tha...
CVE-2019-1862
A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...
Input validation
A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...
CVE-2019-1862 Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...
Cisco IOS XE Software Web UI Command Injection Vulnerability
A vulnerability in the web-based user interface Web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes...
Input validation
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...
CVE-2019-1756
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...
CVE-2019-1756
Cisco IOS XE Software contains a command-injection vulnerability (CVE-2019-1756) that can be exploited by an authenticated administrator via the web UI by supplying a malicious username payload, leading to arbitrary commands executed as root on the device. The root cause is improper input sanitiz...
CVE-2019-1756 Cisco IOS XE Software Command Injection Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has...
CVE-2019-1604
A vulnerability in the user account management interface of Cisco NX-OS Software could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to an incorrect authorization check of user accounts and their associated Group ID GID. An...
Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability (CNVD-2019-02750)
Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. An input validation vulnerability exists ...
CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
CVE-2019-1652 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
CVE-2019-1652 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
Input validation
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...