105 matches found
Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-321: Hardcoded Use of Cryptography Keys CVE ID: CVE-2020-14474 2. Vulnerability Description The Cellebrite UFED Physical device relies on...
Cellebrite Restricted Desktop Escape and Escalation of User Privilege
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.5.0.845 Platform: Embedded Windows CWE Classification: CWE-269: Improper Privilege Management, CWE-20: Input Validation Error CVE ID: CVE-2020-12798 2. Vulnerability Description Cellebrite UFED...
Cellebrite Hardcoded ADB Authentication Keys
Vulnerability Details Affected Vendor: Cellebrite Affected Product: UFED Affected Version: 5.0 - 7.29 Platform: Embedded Windows CWE Classification: CWE-321: Use of hardcoded cryptographic keys CVE ID: CVE-2020-11723 2. Vulnerability Description Cellebrite UFED uses four hardcoded RSA private...
Dell OpenManage Network Manager Multiple Vulnerabilities
Vulnerability Details Affected Vendor: Dell Affected Product: OpenManage Network Manager Affected Version: 6.2.0.51 SP3 Platform: Embedded Linux CWE Classification: CWE-285: Improper Authorization, CWE-284: Improper Access Control Impact: Privilege Escalation Attack vector: MySQL, HTTP CVE ID:...
HPE VAN SDN Unauthenticated Remote Root Vulnerability
Vulnerability Details Affected Vendor: HP Enterprise Affected Product: VAN SDN Controller Affected Version: 2.7.18.0503 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-20: Improper Input Validation Impact: Privilege Escalation Attack vector: HTTP 2...
Sophos UTM 9 loginuser Privilege Escalation via confd Service
Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-306: Missing Authentication for Critical Function SID generation Impact: Privilege Escalation Attack vector: SSH 2. Vulnerability Description The...
NetEx HyperIP Post-Auth Command Execution
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command, CWE-250: Execution with Unnecessary Privileges Impact: Arbitrary Command...
NetEx HyperIP Privilege Escalation Vulnerability
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Privilege Escalation Attack vector: HTTPS 2. Vulnerability Description Privileges can be escalated by abusing...
Trend Micro IMSVA Management Portal Authentication Bypass
Vulnerability Details Affected Vendor: Trend Micro Affected Product: InterScan Mail Security Virtual Apppliance Affected Version: 9.1.0.1600 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-219: Sensitive Data Under Web Root Impact: Authentication...
NetEx HyperIP Authentication Bypass
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-592: Authentication Bypass Issues Impact: Authentication Bypass Attack vector: HTTPS 2. Vulnerability Description Authentication for the management...
NetEx HyperIP Local File Inclusion Vulnerability
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path, CWE-592: Authentication Bypass Issues Impact: Arbitrary Filesystem Reads Attack vector: HTTPS 2...
Sophos Web Gateway Persistent Cross Site Scripting Vulnerability
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Gateway Affected Version: 4.4.1 Platform: Embedded Linux CWE Classification: CWE-79: Improper Neutralization of Input During Web Page Generation, CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Impact:...
Splunk Local Privilege Escalation
Vulnerability Details Affected Vendor: Splunk Affected Product: Splunk Enterprise Affected Version: 6.6.x Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Privilege Escalation Attack vector: Local 2. Vulnerability...
Infoblox NetMRI Administration Shell Factory Reset Persistence
Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: VM-AD30-5C6CE Platform: Embedded Linux CWE Classification: CWE-485: Insufficient Encapsulation Impact: Administrative Account Backdoor Attack vector: SSH 2. Vulnerability Description An authenticated user...
Sophos UTM 9 loginuser Privilege Escalation via Insecure Directory Permissions
Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-280: Improper Handling of Insufficient Permissions or Privileges Impact: Root Access Attack vector: SSH 2. Vulnerability Description The attacker must...
Sophos UTM 9 Management Application Local File Inclusion
Vulnerability Details Affected Vendor: Sophos Affected Product: UTM 9 Affected Version: 9.410 Platform: Embedded Linux CWE Classification: CWE-538: File and Directory Information Exposure, CWE-264: Permissions, Privileges, and Access Controls, CWE-532: Information Exposure Through Log Files...
Sonicwall WXA5000 Console Jail Escape and Privilege Escalation
Vulnerability Details Affected Vendor: Sonicwall Affected Product: WXA5000 WAN Optimization Appliance Affected Version: 1.3.2-10-30 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Root Access Attack vector: Console 2...
Infoblox NetMRI Administration Shell Escape and Privilege Escalation
Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: 7.1.2 - 7.1.4 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-272: Least Privilege Violation Impact: Root...
Solarwinds LEM Insecure Update Process
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Multiple Affected Version: Multiple Platform: Embedded Linux CWE Classification: CWE-284: Improper Access Control, CWE-346: Origin Validation Error Impact: Counterfeit Product Downloads Attack vector: HTTP 2. Vulnerability...
Solarwinds LEM Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Unintended Access Attack vector: Local 2. Vulnerability Description The...
Barracuda WAF Support Tunnel Hijack
Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-304: Missing Critical Step In Authentication Impact: Remote Access Attack vector: DNS, SSH 2. Vulnerability...
Barracuda WAF Management Application Username and Session ID Leak
Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-200: Information Exposure Impact: Privileged Access Attack vector: HTTP 2. Vulnerability Description The...
Barracuda WAF Internal Development Credential Disclosure
Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code, CWE-200: Information Exposure Impact: Privileged Access Attack vector: Code Review 2...
Barracuda WAF Grub Password Complexity
Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-259: Use of Hard-coded Password Impact: Privileged Access Attack vector: Password Cracking 2. Vulnerability...
Barracuda WAF Early Boot Root Shell
Vulnerability Details Affected Vendor: Barracuda Affected Product: Web Application Firewall V360 Affected Version: Firmware v8.0.1.014 Platform: Embedded Linux CWE Classification: CWE-489: Leftover Debug Code Impact: Root Access Attack vector: Grub 2. Vulnerability Description Firmware reversing...
Solarwinds LEM Management Shell Arbitrary File Read
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-36: Absolute Path Traversal Impact: Information Disclosure Attack vector: SSH 2. Vulnerability Description The...
Solarwinds LEM Database Listener with Hardcoded Credentials
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials, CWE-284: Improper Access Control Impact: Remote Database Compromise Attack...
Solarwinds LEM Management Shell Escape via Command Injection
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Privileged Access Attack vector: SSH...
Solarwinds LEM Privilege Escalation via Controlled Sudo Path
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-281: Improper Preservation of Permissions, CWE-708: Incorrect Ownership Assignment Impact: Privileged Access...
Solarwinds LEM Privilege Escalation via Sudo Script Abuse
Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...
WatchGuard XTMv User Management Cross-Site Request Forgery
Vulnerability Details Affected Vendor: WatchGuard Affected Product: XTMv Affected Version: v11.12 Build 516911 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF Impact: Privileged Access Attack vector: HTTP 2. Vulnerability Description Lack of CSRF protection...
Trendmicro InterScan Privilege Escalation Vulnerability
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact:...
Trendmicro InterScan Arbitrary File Write
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...
Trendmicro InterScan Remote Root Access Vulnerability
Vulnerability Details Affected Vendor: Trendmicro Affected Product: InterScan Web Security Virtual Appliance Affected Version: OS Version 3.5.1321.el6.x8664; Application Version 6.5-SP2BuildLinux1548 Platform: Embedded Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a...
Sophos Web Appliance Privilege Escalation
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-522: Insufficiently Protected Credentials, CWE-261: Weak Cryptography for Passwords Impact: Privilege Escalation Attack vector: HTTP 2...
Sophos Web Appliance Remote Code Execution
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Apppliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-88: Argument Injection or Modification...
Cisco Firepower Threat Management Console Hard-coded MySQL Credentials
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Authentication Bypass CVE-ID:...
Cisco Firepower Threat Management Console Local File Inclusion
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path Impact: Information Disclosure Attack...
Cisco Firepower Threat Management Console Remote Command Execution Leading to Root Access
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-434: Unrestricted Upload of File with Dangerous Type, CWE-94: Improper Control of...
Cisco Firepower Threat Management Console Authenticated Denial of Service
Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 build 37/build 1213 Platform: Embedded Linux CWE Classification: CWE-404: Improper Resource Shutdown or Release Impact: Denial of Service Attack vector:...
SQLite Tempdir Selection Vulnerability
Vulnerability Details Affected Vendor: SQLite/Hwaci Affected Product: SQLite Affected Version: All versions prior to 3.13.0 Platform: UNIX, GNU/Linux CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions Impact: Data Leakage Attack vector: Local 2...
Ubiquiti Administration Portal CSRF to Remote Command Execution
Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...
Arris DG1670A Cable Modem Remote Command Execution
Vulnerability Details Affected Vendor: Arris Affected Product: Cable Modem Affected Version: DG1670A, TG1670 Platform: Embedded Linux CWE Classification: CWE-73: External Control of File Name or Path; CWE-77: Improper Neutralization of Special Elements used in a Command; CWE-522: Insufficiently...
Seagate GoFlex Satellite Remote Telnet Default Password
Vulnerability Details Affected Vendor: Seagate Affected Product: GoFlex Satellite Affected Version: 1.3.7 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel; CWE-798: Use of Hard-coded Credentials Impact: Remote Administration Attack...
Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address
Vulnerability Details Affected Vendor: Dell Affected Product: Pre-Boot Authentication Driver Affected Version: 1.0.1.5 Platform: Microsoft Windows XP SP3, Microsoft Windows 2003 SP2, Microsoft Windows 7 CWE Classification: CWE-20: Improper input validation Impact: Arbitrary Code Execution Attack...
Linksys EA6100 Wireless Router Authentication Bypass
Vulnerability Details Affected Vendor: Linksys Affected Product: EA6100 - EA6300 Wireless Router Affected Version: 1.1.5 Platform: Embedded Linux CWE Classification: CWE-288: Authentication Bypass Using an Alternate Path or Channel Impact: Remote Administration Attack vector: HTTP CVE-ID: 2...
VBox Satellite Express Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: VBox Communications Affected Product: Satellite Express Protocol Affected Version: 2.3.17.3 Platform: Microsoft Windows XP SP3, Microsoft Windows 7 x86 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code Execution Attack vector:...
XGI Windows VGA Display Manager Arbitrary Write Privilege Escalation
Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: XGI VGA Display Manager Affected Version: 6.14.10.1090 Platform: Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code Execution Attack vector: IOCTL...
SiS Windows VGA Display Manager Multiple Privilege Escalation
Vulnerability Details Affected Vendor: Silicon Integrated Systems Corporation Affected Product: Windows VGA Display Manager Affected Version: 6.14.10.3930 Platform: Microsoft Windows 7 x86, Microsoft Windows XP SP3 CWE Classification: CWE-123: Write-what-where condition Impact: Arbitrary Code...
Piriform CCleaner Wiped Filename Recovery
Vulnerability Details Affected Vendor: Piriform Affected Product: CCleaner Affected Version: 3.26.0.1988 - 5.02.5101 Platform: Microsoft Windows 7 x64 Service Pack 1 CWE Classification: CWE-200: Information Exposure Impact: Information Exposure Attack vector: Local CVE-ID: CVE-2015-3999 2...