126 matches found
Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)
According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...
Cisco Wireless LAN Controller Software Input Validation Error Vulnerability
Cisco Wireless LAN Controller WLC Software is a suite of software for configuring and managing WLCs Wireless LAN Controllers from Cisco. An input validation error vulnerability exists in Secure Shell Session Management in Cisco WLC Software 8.5.140.0 and prior versions, which originates from the...
Cisco IOS XR Software Secure Shell Authentication Vulnerability
A vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...
Code injection
Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...
CVE-2018-11752
Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...
CVE-2017-14115
The CVE-2017-14115 entry concerns AT&T U-verse firmware 9.2.2h0d83 on Arris NVG589/NVG599. The flaw arises when IP Passthrough is not used, configuring ssh-permanent-enable WAN SSH logins for the remotessh account with password 5SaP9I26. An attacker establishing an SSH session can trigger a Termi...
CVE-2016-0739
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...
CVE-2016-2230
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...
Hardcoded credentials
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...
CVE-2016-2230
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...
CVE-2016-2230
CVE-2016-2230 affects OpenELEC and RasPlex, where the root account has a hardcoded password. This enables remote attackers to access via SSH with high impact (C, I, A likely affected) as indicated by the CVSS metrics in the records. Connected sources corroborate the existence of default credentia...
Hardcoded credentials
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded 1 root and 2 guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070...
Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20151119)
A flaw was found in the way the kexagreemethods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the- middle attacker could use a crafted SSHMSGKEXINIT packet to crash a connecting libssh2 client. CVE-2015-1782 This update also fixes the following bugs : -...
CVE-2015-6389
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...
Hardcoded credentials
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...
CVE-2015-6389
Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...
FreeBSD : PuTTY -- memory corruption in terminal emulator's erase character handling (0cb0afd9-86b8-11e5-bf60-080027ef73ec)
Ben Harris reports : Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be ab...
Hardcoded credentials
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session...
PuTTY -- memory corruption in terminal emulator's erase character handling
Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be abl...
Hardcoded credentials
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager CDM 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546...