Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
614b86f032bbc9466892166a5a1742b9Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.
f78d9a450e8dddba0757fc613e10da7aCisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.
e52727f67ec73f54a1870891d9e11891Cisco Data Center Network Manager version 11.2 remote code execution exploit.
ebfd0aee7d0a59ad770e679268463c0eArmis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
7757dbb411e6c03282748d0e682b3406Debian Linux Security Advisory 4607-1 - Lukas Kupczyk reported a vulnerability in the handling of chunked HTTP in openconnect, an open client for Cisco AnyConnect, Pulse and GlobalProtect VPN. A malicious HTTP server (after having accepted its identity certificate), can provide bogus chunk lengths for chunked HTTP encoding and cause a heap-based buffer overflow.
6cbb058b70a03ea1bda3ffe2cb05aeaaCisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
f2b2bc3ee27fbddf61de2d091386e2bdCisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.
9215aa968b49d3b98e32f665f3d9a9eaDebian Linux Security Advisory 4535-1 - Lilith of Cisco Talos discovered a buffer overflow flaw in the quota code used by e2fsck from the ext2/ext3/ext4 file system utilities. Running e2fsck on a malformed file system can result in the execution of arbitrary code.
43e0fb16ab09b3a1d1e9431d5401b18aThis is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an application uses it, there is a risk when opening an archive that is maliciously modified, and results in the embedded payload to be written to an arbitrary location (such as a web root), and results in remote code execution.
ff948c64df1f6f021439eaa12e78eb94Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.
a98fd2e94251ea2edc1d831fe438607dMany Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
c446ad84eeb90a116264677ada159562Cisco Email Security Virtual Appliance C380 IronPort remote host header injection exploit.
59fdeb6b686e0eb34a78c58ed8e75d61Cisco Email Security Virtual Appliance C300V IronPort remote host header injection exploit.
58c6e4353b033250b2b8241c3f4cd6e3Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.
229be091f2335df90cbf4ec41f426693Cisco IronPort C350 remote host header injection exploit.
5d3d449bc480bc3b9513a64b866d4390Cisco Email Security Virtual Appliance C370 IronPort remote host header injection exploit.
250531d59b2fbec5011f1896e26b6647Cisco Email Security Virtual Appliance C600V IronPort remote host header injection exploit.
fb41282af3b637cdf7710214c3675f01Cisco C690 Email Security Appliance version 11.0.2-044 IronPort remote host header injection exploit.
01e124610488c96055cc20617b17d833Cisco Email Security Virtual Appliance C100V IronPort remote host header injection exploit.
483058c8b4dc3d3438f5659205199510Cisco C170 Email Security Appliance version 10.0.3-003 IronPort remote host header injection exploit.
4cf229797e034faae84bece5e94cfe54Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.
ec4e8152d383453c9248650b56aa9185The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
a147290750eba4c14c3f5dfe91e25f2aThis Metasploit module abuses a known default password on Cisco UCS Director. The 'scpuser' has the password of 'scpuser', and allows an attacker to login to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
119059667e4c122ab82b873c814ccde3A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
f2ecfadb9d5292bc0aad449c38fa7ae1
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed