Fabriquants

Retour à Sécurité

Fortinet

Aruba

Cisco

    • 22 septembre 2022Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability
      A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message …

    • 22 septembre 2022Cisco Secure Web Appliance Privilege Escalation Vulnerability
      A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this …

    • 14 septembre 2022Cisco IOS XR Software Broadband Network Gateway PPP over Ethernet Denial of Service Vulnerability
      A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by s …

    • 14 septembre 2022Cisco IOS XR Software Cisco Discovery Protocol Denial of Service Vulnerability
      A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malici …

    • 14 septembre 2022Cisco Network Convergence System 4000 Series TL1 Denial of Service Vulnerability
      A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful expl …

    • 9 septembre 2022Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability
      A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system.   This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attac …

    • 7 septembre 2022Cisco Meraki MR Series Splash Page Insecure Configuration Option
      A configuration option for the Splash Page feature (also known as Captive Portal) in Cisco Meraki MR Series devices may allow an administrator to configure an 802.11 WLAN in which traffic policies are not applied to clients that are connecting to the network. The insecure configuration is determined when an administrator configures a WLAN with Splash Page access control and Captive Portal str …

    • 7 septembre 2022Cisco Webex Meetings App Character Interface Manipulation Vulnerability
      A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application int …

    • 7 septembre 2022Vulnerability in NVIDIA Data Plane Development Kit Affecting Cisco Products: August 2022
      On August 29, 2022, NVIDIA announced the following vulnerability with a medium impact: CVE-2022-28199: Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) – August 2022 For a description of this vulnerability, see Security Bulletin: NVIDIA Data Plane Development Kit (MLNX_DPDK) – August 2022. This advisory will be updated as additional information becomes available. This advisory is a …

Google Online Security Blog