13 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2018-0134
The CVE-2018-0134 issue affects Cisco Policy Suite’s RADIUS authentication module, where an unauthenticated, remote attacker can deduce whether a subscriber username is valid by observing distinct authentication failure messages. This information disclosure vulnerability originates from the RADIU...
CVE-2018-0376
CVE-2018-0376 affects Cisco Policy Suite prior to 18.2.0, in which the Policy Builder interface lacked authentication, allowing unauthenticated remote access to modify or create repositories. The vulnerability is documented with high/severe impact (CVSS v3.0: 9.8, CRITICAL) and was acknowledged b...
CVE-2018-0116
CVE-2018-0116 describes an authentication bypass in Cisco Policy Suite’s RADIUS module. An unauthenticated, remote attacker could be authorized as a subscriber without a valid password, provided a valid username is used, due to incorrect RADIUS user credential validation. Affected are Cisco Polic...
CVE-2018-0377
Cisco Policy Suite CVE-2018-0377 concerns an unauthenticated access vulnerability in the OSGi interface prior to release 18.1.0. Root cause: lack of authentication on the OSGi interface, enabling remote connections that could read or modify files accessible to the OSGi process. Impact per sources...
CVE-2018-0375
CVE-2018-0375 affects Cisco Policy Suite Cluster Manager prior to 18.2.0. Root cause: undocumented, static credentials allow an unauthenticated, remote attacker to log in as root and execute arbitrary commands. Impact: full root access over the affected system via network; high confidentiality, i...
CVE-2015-6316
Cisco Mobility Services Engine (MSE) is affected by CVE-2015-6316 due to a default sshd_config setting that allows login via the oracle account with a hard-coded password. The issue affects MSE versions up to and including 8.0.120.7, enabling remote attackers to obtain access by authenticating as...
CVE-2015-4263
Cisco Mobility Services Engine (MSE) 10.0(0.1) contains a vulnerability in the Control and Provisioning feature that allows remote authenticated users to read log files and obtain sensitive information. The root cause is sensitive data being included in certain log files. An attacker must authent...
CVE-2018-0374
Cisco Policy Suite prior to version 18.2.0 vulnerable to an unauthenticated remote attack via the Policy Builder database. The root cause is lack of authentication, enabling an attacker to connect directly to the Policy Builder database and access or modify data. Affected component: Policy Builde...
CVE-2015-0673
Cisco Mobility Services Engine (MSE) 8.0(110.0) is affected by CVE-2015-0673, a authenticated remote information disclosure vulnerability. The issue allows an attacker with valid credentials to reveal other users’ passwords by reading log files or via an unspecified GUI feature (Bug ID CSCut24792...
CVE-2015-4282
Cisco Mobility Services Engine (MSE)
CVE-2016-9197
CVE-2016-9197 affects Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers. The root cause is a vulnerability in the CLI command parser due to incorrect permissions assigned to configured users, enabling an authenticated, local attacker to obtain access to the underlying operating...
CVE-2013-3469
CVE-2013-3469 concerns Cisco Mobility Services Engine where the Oracle SSL service is misconfigured, allowing an unauthenticated user to establish a session on the database-replication port via SSL and potentially access sensitive information. Cisco notes an anonymous login vulnerability and indi...