Vendors

Fortinet

Aruba

Cisco

    • 17 May 2021: Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability
      A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by pe …

    • 13 May 2021: Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability
      A vulnerability in the Java Management Extensions (JMX) component of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A …

    • 12 May 2021: Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
      A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnec …

    • 11 May 2021: MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client
      On May 26, 2020, Apple released a security update for MacOS Catalina, Mojave, and High Sierra. Part of this update addressed a local privilege escalation vulnerability (CVE-2020-9817). Cisco has determined that Cisco AnyConnect Secure Mobility Client releases 4.10.00093 and earlier could be used to exploit this vulnerability. This advisory is available at the following link: https://tools …

    • 10 May 2021: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021
      On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition …

    • 7 May 2021: Cisco HyperFlex HX Command Injection Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds tha …

    • 7 May 2021: Cisco HyperFlex HX Data Platform File Upload Vulnerability
      A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the a …

    • 5 May 2021: Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities
      Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, t …

    • 5 May 2021: Cisco Web Security Appliance Cross-Site Scripting Vulnerability
      A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could e …

Google Online Security Blog