Lucene search
K

126 matches found

Tenable Nessus
Tenable Nessus
added 2020/03/02 12:0 a.m.37 views

Cisco IOS XR Software Secure Shell Authentication Vulnerability (cisco-sa-20190605-iosxr-ssh)

According to its self-reported version, Cisco IOS XR Software is affected by a vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software that could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The...

5.5CVSS6.4AI score0.01208EPSS
Exploits0References3
CNVD
CNVD
added 2019/10/18 12:0 a.m.2 views

Cisco Wireless LAN Controller Software Input Validation Error Vulnerability

Cisco Wireless LAN Controller WLC Software is a suite of software for configuring and managing WLCs Wireless LAN Controllers from Cisco. An input validation error vulnerability exists in Secure Shell Session Management in Cisco WLC Software 8.5.140.0 and prior versions, which originates from the...

8.6CVSS6.8AI score0.01415EPSS
Exploits0References1
Cisco
Cisco
added 2019/06/05 4:0 p.m.120 views

Cisco IOS XR Software Secure Shell Authentication Vulnerability

A vulnerability in the Secure Shell SSH authentication function of Cisco IOS XR Software could allow an authenticated, remote attacker to successfully log in to an affected device using two distinct usernames. The vulnerability is due to a logic error that may occur when certain sequences of...

5.4CVSS0.8AI score0.01208EPSS
Exploits0References1
Prion
Prion
added 2018/10/02 7:29 p.m.13 views

Code injection

Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...

2.1CVSS5.5AI score0.00274EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/10/02 7:0 p.m.20 views

CVE-2018-11752

Previous releases of the Puppet ciscoios module output SSH session debug information including login credentials to a world readable file on every run. These issues have been resolved in the 0.4.0 release...

5.6AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2017/09/03 7:0 p.m.69 views

CVE-2017-14115

The CVE-2017-14115 entry concerns AT&T U-verse firmware 9.2.2h0d83 on Arris NVG589/NVG599. The flaw arises when IP Passthrough is not used, configuring ssh-permanent-enable WAN SSH logins for the remotessh account with password 5SaP9I26. An attacker establishing an SSH session can trigger a Termi...

9.3CVSS8.1AI score0.04378EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2016/04/13 5:59 p.m.9 views

CVE-2016-0739

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the 1 diffie-hellman-group1 and 2 diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a "bits/bytes...

5.9CVSS5.5AI score0.02431EPSS
Exploits0References10
NVD
NVD
added 2016/02/08 4:59 p.m.21 views

CVE-2016-2230

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

10CVSS9.6AI score0.03572EPSS
Exploits0References2
Prion
Prion
added 2016/02/08 4:59 p.m.10 views

Hardcoded credentials

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

10CVSS7.5AI score0.03572EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/02/08 4:0 p.m.25 views

CVE-2016-2230

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session...

9.6AI score0.03572EPSS
Exploits0References2
CVE
CVE
added 2016/02/08 4:0 p.m.44 views

CVE-2016-2230

CVE-2016-2230 affects OpenELEC and RasPlex, where the root account has a hardcoded password. This enables remote attackers to access via SSH with high impact (C, I, A likely affected) as indicated by the CVSS metrics in the records. Connected sources corroborate the existence of default credentia...

10CVSS9.5AI score0.03572EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/01/22 11:59 a.m.16 views

Hardcoded credentials

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded 1 root and 2 guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070...

10CVSS7.2AI score0.0238EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/12/22 12:0 a.m.44 views

Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20151119)

A flaw was found in the way the kexagreemethods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the- middle attacker could use a crafted SSHMSGKEXINIT packet to crash a connecting libssh2 client. CVE-2015-1782 This update also fixes the following bugs : -...

6.8CVSS7AI score0.03501EPSS
Exploits0References2
NVD
NVD
added 2015/12/13 3:59 a.m.16 views

CVE-2015-6389

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...

9CVSS6.6AI score0.02601EPSS
Exploits0References3
Prion
Prion
added 2015/12/13 3:59 a.m.15 views

Hardcoded credentials

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...

9CVSS7.1AI score0.02601EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/12/13 2:0 a.m.22 views

CVE-2015-6389

Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707...

6.6AI score0.02601EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/11/10 12:0 a.m.29 views

FreeBSD : PuTTY -- memory corruption in terminal emulator's erase character handling (0cb0afd9-86b8-11e5-bf60-080027ef73ec)

Ben Harris reports : Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be ab...

4.3CVSS8.2AI score0.03467EPSS
Exploits0References3
Prion
Prion
added 2015/11/07 3:59 a.m.15 views

Hardcoded credentials

Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session...

10CVSS7.4AI score0.02338EPSS
Exploits0References1Affected Software5
FreeBSD
FreeBSD
added 2015/11/06 12:0 a.m.21 views

PuTTY -- memory corruption in terminal emulator's erase character handling

Ben Harris reports: Versions of PuTTY and pterm between 0.54 and 0.65 inclusive have a potentially memory-corrupting integer overflow in the handling of the ECH erase characters control sequence in the terminal emulator. To exploit a vulnerability in the terminal emulator, an attacker must be abl...

4.3CVSS9.2AI score0.03467EPSS
Exploits0References1
Prion
Prion
added 2015/07/04 10:59 a.m.16 views

Hardcoded credentials

Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager CDM 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546...

5CVSS7.2AI score0.01948EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder