Manufacturers

Fortinet

Aruba

Cisco

    • October 1, 2020: Cisco IOS XE Software Arbitrary Code Execution Vulnerability
      A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating sy …

    • October 1, 2020: Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address t …

    • September 30, 2020: Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability
      A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected …

    • September 29, 2020: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities
      Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device …

    • September 24, 2020: Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability
      A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the …

    • September 24, 2020: Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
      Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patt …

    • September 24, 2020: Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
      A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacke …

    • September 24, 2020: Cisco IOS XE Software Guest Shell Unauthorized File System Access Vulnerability
      A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device’s guest shell, and accessing or mo …

    • September 24, 2020: Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
      A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes t …

Google Online Security Blog