Vendors

Fortinet

Aruba

Cisco

    • 5 August 2021: Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability
      A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user’s operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle po …

    • 4 August 2021: Cisco Packet Tracer for Windows DLL Injection Vulnerability
      A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configu …

    • 4 August 2021: Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
      A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a …

    • 4 August 2021: Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
      A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because a password policy check is incomplete at the time a password is changed at server …

    • 4 August 2021: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: execute arbitrary code; cause a denial of service (DoS) condition; execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. Cisco …

    • 4 August 2021: Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
      A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs th …

    • 4 August 2021: Cisco Evolved Programmable Network Manager Sensitive Information Disclosure Vulnerability
      A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the a …

    • 4 August 2021: ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
      A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of …

    • 4 August 2021: Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities
      Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about thes …

    • 3 August 2021: Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. These vulnerabilities are due to improper validation of user-supplied input. An attacker could exploit these vulnerabilities by sending craft …

Google Online Security Blog