12 matches found
CVE-2025-37155
CVE-2025-37155 describes an improper access-control flaw in the SSH restricted shell interface of network management services. The vulnerability could allow an attacker with authenticated read-only privileges to escalate to administrator access on affected systems. Documented in multiple sources,...
EUVD-2020-19673
Malware in sbrugna...
CVE-2025-37101
A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited, allowing an attacker with read-only privilege to cause vertical privilege escalation (operator can perform admin actions)...
CVE-2025-37101 HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege
A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited, allowing an attacker with read-only privilege to cause vertical privilege escalation (operator can perform admin actions)...
CVE-2025-37101 HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege
A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited, allowing an attacker with read-only privilege to cause vertical privilege escalation (operator can perform admin actions)...
CVE-2020-27149
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed...
Vulnerabilities fixed in Fortinet FortiSandbox
Fortinet has fixed vulnerabilities in FortiSandbox. The vulnerability tracked as CVE-2024-45328 involves improper authorization that allows low-privileged administrators to execute elevated CLI commands through the GUI console. In addition, there is an SQL injection vulnerability with attribu...
CVE-2020-27149
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed...
Cisco Integrated Management Controller Elevation of Privilege Vulnerability
Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An elevati...
A vulnerability in the PRTG Network Monitor network monitoring software lies in the insecure management of privileges. This allows a malicious actor with the “read-only” privilege to create users with the “read-write” privilege.
The vulnerability in the network monitoring software PRTG Network Monitor relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor who has the “read-only” privilege to create users with “read-write” privileges, including administrators, by using ...
A vulnerability in the REST API interface of the FortiOS operating system allows an attacker with the “read-only” privilege to disclose the passwords of administrators with the “read-write” privilege.
The vulnerability in the REST API interface of the FortiOS operating system is caused by access control errors. Exploiting this vulnerability allows a malicious actor who operates remotely and has “read-only” privileges to obtain information about administrator passwords with privileges...
Design/Logic Flaw
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804...