282 matches found
Input validation
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
Design/Logic Flaw
A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...
CVE-2021-1453
Cisco IOS XE Software for the Catalyst 9000 Family is affected by CVE-2021-1453. The issue is in the image verification function during the initial boot, where an improper check of digital signatures on system image files could allow an unauthenticated, physical attacker to load unsigned software...
CVE-2021-1452 Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability
A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...
CVE-2021-1452 Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability
A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...
CVE-2021-1449 Cisco Access Point Software Arbitrary Code Execution Vulnerability
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
CVE-2021-1449
Cisco CVE-2021-1449 affects Cisco Access Points Software. A vulnerability in the boot logic allows an authenticated, local attacker to execute unsigned code at boot time by exploiting an improper startup check, requiring access to the device devshell. This could bypass software image verification...
CVE-2021-1441
Summary of CVE-2021-1441 (Cisco IOS XE hardware initialization ARBITRARY CODE EXECUTION) Affected products: Cisco IOS XE Software on Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers. Root cause: Incorrect validation of parameters passed to a diagn...
CVE-2021-1441 Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability
A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...
Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability
A vulnerability in the ROM Monitor ROMMON of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...
Cisco Access Point Software Arbitrary Code Execution Vulnerability
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...
Cisco IOS XE Software Hardware Initialization Routines Arbitrary Code Execution Vulnerability
A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is...
PT-2021-2556 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers affected versions not specified Cisco IOS XE Software for Cisco ESR6300 Embedded Series Routers affected versions not specified Description: The issue exists d...
Cisco Cisco Catalyst 9000 数据伪造问题漏洞
The Cisco Catalyst 9000 is a switch from Cisco USA. A security vulnerability exists in the Cisco Catalyst 9000 Family that originates from an improper check in the code function that manages the digital signature verification of the system image file during the initial boot process. An attacker...
Cisco Access Point 安全漏洞
Cisco Access Point is a network access point device from Cisco, Inc. It provides high-density wireless connectivity for small offices. A security vulnerability exists in Cisco Access Points Software, which can be exploited by an attacker to execute unsigned code at boot time...
多款Cisco产品操作系统命令注入漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An OS command injection vulnerability exists in ROMMON of Cisco IOS XE. The vulnerability stems from incorrect validation of specific function parameters passed to the startup...
PT-2021-2447 · Cisco · Cisco Access Points
Name of the Vulnerable Software and Affected Versions: Cisco Access Points Software affected versions not specified Description: A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The issue is due t...
A flaw was found in grub2 in versions prior to 2.06 where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
CVE-2021-27080
Azure Sphere Unsigned Code Execution Vulnerability...
CVE-2021-27074
Azure Sphere Unsigned Code Execution Vulnerability...