Lucene search
K

156 matches found

CNVD
CNVD
added 2023/11/17 12:0 a.m.38 views

Fortinet FortiClient Hardcoding Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A hard-coded vulnerability exists in Fortinet FortiClien...

5.5CVSS7AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2023/11/14 7:15 p.m.21 views

CVE-2023-40719

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

5.5CVSS0.00195EPSS
Exploits0References1
Prion
Prion
added 2023/11/14 7:15 p.m.18 views

Hardcoded credentials

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

1.7CVSS7.1AI score0.00195EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/11/14 6:15 p.m.45 views

Hardcoded credentials

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials...

1.7CVSS7.1AI score0.00205EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/14 6:8 p.m.29 views

CVE-2023-40719

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials...

4.1CVSS5.7AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2023/11/14 6:7 p.m.95 views

CVE-2023-33304

CVE-2023-33304 affects Fortinet FortiClient for Windows (versions 7.0.0–7.0.9 and 7.2.0–7.2.1). The issue is hard-coded credentials that allow bypassing protections via static credentials. According to the sources, exploitation status is not detailed in these documents. Remediation is available: ...

5.5CVSS5.4AI score0.00205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.7 views

PT-2023-9589 · Cisco · Cisco Ftd

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series affected versions not specified Description: A vulnerability in the software could allow an unauthenticated, local attacker to access an affecte...

9.3CVSS6.6AI score0.15953EPSS
Exploits0References12
Prion
Prion
added 2023/10/04 5:15 p.m.20 views

Design/Logic Flaw

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...

7.5CVSS9.7AI score0.02447EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/04 4:12 p.m.28 views

CVE-2023-20101

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...

9.8CVSS10AI score0.02447EPSS
Exploits0References1
CVE
CVE
added 2023/10/04 4:12 p.m.121 views

CVE-2023-20101

Cisco Emergency Responder is affected by a vulnerability where an unauthenticated attacker can log in via the root account that uses default, static credentials. The issue comes from static root credentials that cannot be changed or deleted, enabling the attacker to log in and execute arbitrary c...

9.8CVSS9.8AI score0.02447EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2023/10/04 4:0 p.m.42 views

Cisco Emergency Responder Static Credentials Vulnerability

A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for th...

9.8CVSS9.9AI score0.02447EPSS
Exploits0References1
OSV
OSV
added 2023/09/27 6:15 p.m.4 views

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presen...

7.5CVSS5.8AI score0.00589EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.6 views

PT-2023-5690 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage affected versions not specified Description: The issue is related to insufficient access controls in the Elasticsearch database used by Cisco SD-WAN vManage software. This could allow an unauthenticated, remote attacker t...

7.8CVSS7.4AI score0.00589EPSS
Exploits0References11
OSV
OSV
added 2023/07/13 3:15 a.m.4 views

CVE-2023-34137

SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

9.8CVSS5.8AI score0.0107EPSS
Exploits0References2
OSV
OSV
added 2023/04/26 9:15 p.m.4 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

7.8CVSS6.1AI score0.00808EPSS
Exploits1References1
NVD
NVD
added 2023/04/26 9:15 p.m.24 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

7.8CVSS7.7AI score0.00808EPSS
Exploits1References1
Prion
Prion
added 2023/04/26 9:15 p.m.15 views

Cross site scripting

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

4.3CVSS8.2AI score0.00808EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/26 12:0 a.m.54 views

CVE-2023-2291

CVE-2023-2291 affects ManageEngine products: Access Manager Plus (AMP) in build 4309, Password Manager Pro, and PAM360. The root cause is static credentials stored in PostgreSQL data, which could allow a low-privilege user to modify configuration data and escalate to Administrative privileges. Th...

7.8CVSS8.2AI score0.00808EPSS
Exploits1References1Affected Software3
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.7 views

PT-2023-18769 · Manageengine · Zoho Manageengine Access Manager Plus +2

Name of the Vulnerable Software and Affected Versions: ManageEngine Access Manager Plus AMP build 4309 ManageEngine Password Manager Pro affected versions not specified ManageEngine PAM360 affected versions not specified Description: Static credentials exist in the PostgreSQL data used in the...

7.8CVSS3.9AI score0.00808EPSS
Exploits1References11
Cvelist
Cvelist
added 2023/04/26 12:0 a.m.25 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

9AI score0.00808EPSS
Exploits1References1
Rows per page
Query Builder