Lucene search
K
CiscoConnected Mobile Experiences

8 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6787 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2023/10/10 12:0 a.m.5300 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2019/01/24 3:0 p.m.72 views

CVE-2019-1645

The CVE-2019-1645 entry corresponds to Cisco Connected Mobile Experiences (CMX) Information Disclosure. Affected component: CMX software; vulnerability arises from lack of input/validation for certain GET requests to APIs on the device. An unauthenticated, adjacent attacker can send HTTP GET requ...

4.3CVSS4.5AI score0.00519EPSS
CVE
CVE
added 2021/01/13 9:45 p.m.71 views

CVE-2021-1144

CVE-2021-1144 (CMX Privilege Escalation) affects Cisco Connected Mobile Experiences (CMX). The issue is an authorization-check flaw in password-change handling that allows a remote, authenticated user without administrative privileges to alter the password of any user, including admins, by sendin...

8.8CVSS8.7AI score0.01409EPSS
CVE
CVE
added 2021/08/04 5:20 p.m.68 views

CVE-2021-1522

CVE-2021-1522 describes a weakness in Cisco Connected Mobile Experiences (CMX) where the server-side change-password API does not sufficiently enforce the configured password policy. An authenticated, remote attacker could use a crafted API request to change their own password to a value that vio...

4.3CVSS4.8AI score0.00748EPSS
CVE
CVE
added 2021/01/13 9:20 p.m.53 views

CVE-2021-1143

Summary: CVE-2021-1143 affects Cisco Connected Mobile Experiences (CMX) where lack of authorization checks on certain CMX API GET requests allows an authenticated, remote attacker to enumerate CMX users. Affected product/area: CMX API authorizations within Cisco CMX (no specific version details i...

4.3CVSS4.6AI score0.00734EPSS
CVE
CVE
added 2020/08/26 4:16 p.m.52 views

CVE-2020-3151

CVE-2020-3151 is a Cisco CMX restricted shell escape vulnerability. An authenticated, local attacker with administrative credentials can bypass CLI restrictions due to insufficient security in the restricted shell, enabling execution of normally unauthorized commands with non-root privileges. CNV...

6.7CVSS5.7AI score0.00282EPSS
CVE
CVE
added 2020/08/26 4:16 p.m.51 views

CVE-2020-3152

CVE-2020-3152 affects Cisco Connected Mobile Experiences (CMX). Affected component: CMX CLI with default misconfigured privileges. Root cause: improper user permissions configured by default, enabling an authenticated, local attacker with administrative credentials to execute arbitrary commands w...

7.2CVSS6.8AI score0.00386EPSS