156 matches found
Fortinet FortiClient Hardcoding Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A hard-coded vulnerability exists in Fortinet FortiClien...
CVE-2023-40719
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...
Hardcoded credentials
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...
Hardcoded credentials
A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials...
CVE-2023-40719
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...
CVE-2023-33304
CVE-2023-33304 affects Fortinet FortiClient for Windows (versions 7.0.0–7.0.9 and 7.2.0–7.2.1). The issue is hard-coded credentials that allow bypassing protections via static credentials. According to the sources, exploitation status is not detailed in these documents. Remediation is available: ...
PT-2023-9589 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series affected versions not specified Description: A vulnerability in the software could allow an unauthenticated, local attacker to access an affecte...
Design/Logic Flaw
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...
CVE-2023-20101
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...
CVE-2023-20101
Cisco Emergency Responder is affected by a vulnerability where an unauthenticated attacker can log in via the root account that uses default, static credentials. The issue comes from static root credentials that cannot be changed or deleted, enabling the attacker to log in and execute arbitrary c...
Cisco Emergency Responder Static Credentials Vulnerability
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...
CVE-2023-20034
Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presen...
PT-2023-5690 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage affected versions not specified Description: The issue is related to insufficient access controls in the Elasticsearch database used by Cisco SD-WAN vManage software. This could allow an unauthenticated, remote attacker t...
CVE-2023-34137
SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
Cross site scripting
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
CVE-2023-2291
CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...
PT-2023-18769 · Manageengine · Zoho Manageengine Access Manager Plus +2
Name of the Vulnerable Software and Affected Versions: ManageEngine Access Manager Plus AMP build 4309 ManageEngine Password Manager Pro affected versions not specified ManageEngine PAM360 affected versions not specified Description: Static credentials exist in the PostgreSQL data used in the...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...