27 matches found
EUVD-2018-10275
Malware in sbrugna...
EUVD-2025-8773
Malicious code in bioql PyPI...
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
VyOS 安全漏洞
VyOS is a fully open source enterprise router platform from VyOS Open Source. A security vulnerability exists in VyOS versions 1.3 through 1.5 that stems from the same Dropbear private key in different installations, which could lead to a man-in-the-middle attack against SSH connections...
CVE-2025-30095
CVE-2025-30095 affects VyOS 1.3–1.5 (fixed in 1.4.2) and can also impact any Debian-based system using Dropbear with live-build due to identical Dropbear private host keys across installations. This enables active man-in-the-middle attacks on SSH if Dropbear is used as the SSH daemon; VyOS’s cons...
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
CVE-2025-30095
VyOS 1.3 through 1.5 fixed in 1.4.2 or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the...
PT-2025-13781 · Vyos +2 · Vyos +2
Name of the Vulnerable Software and Affected Versions: VyOS versions 1.3 through 1.5 Description: The issue allows an attacker to conduct active man-in-the-middle attacks against SSH connections if Dropbear is enabled as the SSH daemon, due to the same Dropbear private host keys being used across...
VyOS Default Credentials (SSH)
The remote VyOS system is using known default credentials for the SSH login. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VyOS Gather Device General Information
This module collects VyOS device information and configuration. Module Options msf use post/networking/gather/enumvyos msf postenumvyos show actions ...actions... msf postenumvyos set ACTION msf postenumvyos show options ...show and set options... msf postenumvyos run This module requires...
VyOS Configuration Importer
This module imports a VyOS device configuration. Module Options msf use auxiliary/admin/networking/vyosconfig msf auxiliaryvyosconfig show actions ...actions... msf auxiliaryvyosconfig set ACTION msf auxiliaryvyosconfig show options ...show and set options... msf auxiliaryvyosconfig run This modu...
VyOS restricted-shell Escape / Privilege Escalation Exploit
This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator...
VyOS restricted-shell Escape / Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'VyOS restricted-shell Escape and Privilege Escalation', 'Description' = %q This module exploits...
VyOS restricted-shell Escape and Privilege Escalation
This module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 use exploit/linux/ssh/vyosrestrictedshellprivesc msf exploitvyosrestrictedshellprivesc show targets ...targets... msf exploitvyosrestrictedshellprivesc set TARGET msf...
Privilege escalation
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated sudo permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions an...
CVE-2018-18555
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to th...
CVE-2018-18556
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated sudo permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions an...
CVE-2018-18556
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated sudo permissions. Certain input parameters are not properly validated. A malicious operator user can run the binary with elevated permissions an...
Authentication flaw
A sandbox escape issue was discovered in VyOS 1.1.8. It provides a restricted management shell for operator users to administer the device. By issuing various shell special characters with certain commands, an authenticated operator user can break out of the management shell and gain access to th...