1098 matches found
CVE-2023-25594
A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to...
CVE-2023-25594
CVE-2023-25594 concerns Aruba Networks ClearPass Policy Manager, where an attacker with read-only privileges can perform state-changing actions in the web-based management interface. The underlying issue is an authorization bypass that permits higher-impact operations than the attacker’s permissi...
CVE-2023-25593
CVE-2023-25593 affects Aruba Networks ClearPass Policy Manager web-based management interface. It describes a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to execute arbitrary script in a victim’s browser within the affected interface. Public documentation and a...
CVE-2023-25593 Reflected Cross Site Scripting Vulnerabilities (XSS) in ClearPass Policy Manager Web-Based Management Interface
Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browse...
CVE-2023-25591 Authenticated Information Disclosure in ClearPass Policy Manager Web-Based Management Interface
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further...
CVE-2023-25591
CVE-2023-25591 affects Aruba ClearPass Policy Manager Web-Based Management Interface. An attacker authenticated with low privileges could access sensitive information via the management UI, enabling potential privilege escalation. The issue is documented across multiple feeds (NVD, CVE listings, ...
Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more information...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to...
CVE-2023-22761 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...
CVE-2023-22758 Authenticated Remote Command Execution in ArubaOS Web-based Management Interface
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to full...
CVE-2023-20011 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system...
Cisco Identity Services Engine (ISE) XSS (cisco-sa-ise-xss-ubfHG75C)
According to its self-reported version, Cisco Identity Services Engine (ISE) is affected by a cross-site scripting vulnerability. This could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2023-20053
Cisco Nexus Dashboard’s web-based management interface is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation. An unauthenticated, remote attacker could lure a user into clicking a crafted link, allowing execution of arbitrary script code in the affected in...
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...
CVE-2023-20026
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input with...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...
Authentication flaw
A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker...
Input validation
A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. ...
Improper access control
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileged actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based...
Cross site scripting
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of...