14823 matches found
PT-2024-39021 · Planet Technology · Planet Technology Switch
Name of the Vulnerable Software and Affected Versions: PLANET Technology switches affected versions not specified Description: The issue concerns the SSH service in certain switch models from PLANET Technology, which improperly handles insufficiently authenticated connection requests. This allows...
CVE-2024-28812
CVE-2024-28812 affects Infinera hiT 7300 5.60.50, where a hidden SSH service on the local management interface uses hardcoded credentials, allowing an attacker to access the appliance OS with highest privileges via SSH. The condition is confirmed across multiple sources (NVD/Red Hat/CNNVD) with d...
PT-2024-22585 · Infinera · Infinera Hit 7300
Name of the Vulnerable Software and Affected Versions: Infinera hiT 7300 version 5.60.50 Description: An issue was discovered in the Infinera hiT 7300, where undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an...
PT-2024-6539 · Infinera · Infinera Hit 7300
Name of the Vulnerable Software and Affected Versions: Infinera hiT 7300 version 5.60.50 Description: An issue was discovered in the Infinera hiT 7300, where a hidden SSH service on the local management network interface has hardcoded credentials. This allows attackers to access the appliance...
CVE-2024-7594
A flaw was found in Hashicorp Vault. Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s...
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
GHSA-JG74-MWGW-V6X3 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
CVE-2024-7594
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
CVE-2024-7594
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
CVE-2024-7594
CVE-2024-7594 affects Vault’s SSH secrets engine. By default, if the fields valid_principals and default_user are not configured, an SSH certificate requested by an authorized user could authenticate as any user on the host. This is mitigated by upgrading to Vault Community Edition 1.17.6 or Vaul...
CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...
PT-2024-38439
Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 1.17.6 HashiCorp Vault Enterprise versions prior to 1.17.6, 1.16.10, and 1.15.15 Description The issue arises from the SSH secrets engine not requiring the valid principals list to contain a...
Cisco Catalyst Center Static SSH Host Key (cisco-sa-dnac-ssh-e4uOdASj)
The version of Cisco Catalyst Center formerly Cisco DNA Center installed on the remote host is prior to 2.3.5.6, 2.3.6.x, or 2.3.7.x prior to 2.3.7.5. It is, therefore, affected by a vulnerability in the SSH server that could allow an unauthenticated, remote attacker to impersonate a Cisco Cataly...
CVE-2024-20350
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
CVE-2024-20350 Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
CVE-2024-20350
CVE-2024-20350 affects Cisco Catalyst Center (formerly Cisco DNA Center). The issue is due to a static SSH host key in the SSH server, enabling unauthenticated, remote attackers to perform MITM on SSH connections and impersonate the appliance, potentially intercepting traffic, injecting terminal ...
CVE-2024-20350 Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...
CVE-2023-25189
BTS is affected by information disclosure vulnerability where mobile network operator personnel connected over BTS Web Element Manager, regardless of the access privileges, having a possibility to read BTS service operation details performed by Nokia Care service personnel via SSH...
Cisco Catalyst Center Static SSH Host Key Vulnerability
A vulnerability in the SSH server of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to impersonate a Cisco Catalyst Center appliance. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability...