Fabriquants

Retour à Sécurité

Fortinet

Aruba

Cisco

    • 30 novembre 2022Multiple Cisco Products Snort SMB2 Detection Engine Policy Bypass and Denial of Service Vulnerabilities
      Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is proce …

    • 28 novembre 2022Cisco Identity Services Engine Insufficient Access Control Vulnerability
      A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected de …

    • 23 novembre 2022Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022
      On November 1, 2022, the OpenSSL Project announced the following vulnerabilities: CVE-2022-3602 – X.509 Email Address 4-byte Buffer Overflow CVE-2022-3786 – X.509 Email Address Variable Length Buffer Overflow For a description of these vulnerabilities, see OpenSSL Security Advisory [Nov 1 2022]. This advisory is available at the following link:https://tools.cisco.com/security/center/content/CiscoS …

    • 23 novembre 2022Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
      A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. …

    • 23 novembre 2022Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
      A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this …

    • 23 novembre 2022Cisco Identity Services Engine Path Traversal Vulnerability
      A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device.  This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exp …

    • 17 novembre 2022Cisco Identity Services Engine Vulnerabilities
      Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to inject arbitrary operating system commands, bypass security protections, and conduct cross-site scripting attacks. For more information about these vulnerabilities, see the Details section of this advisory. Cisco plans to release software updates that address these vulnerabilities. The …

    • 14 novembre 2022Cisco Identity Services Engine Cross-Site Scripting Vulnerability
      A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administ …

Google Online Security Blog