The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.
b839ff1288a335fb85a4e9618cd7250dA vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
61e40633787cc4e53f3c37f19e049211Cisco Identity Services Engine (ISE) version 2.4.0 suffers from cross site scripting, java deserialization, and in conjunction can lead to remote code execution. Full exploit provided.
fa717428076a044b9b2d005670cbabd5Cisco RV300 and RV320 suffer from an information disclosure vulnerability.
3e274f9cd5167fe2dc1dc9d26e45b852Cisco Firepower Management Center versions 6.2.2.2 and 6.2.3 suffer from a cross site scripting vulnerability.
019ced418d636f308a58ed2de11f2ff1RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.
cafb4ced2f3eab94923ea85bcfb23157RedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.
91a2e5f5865089a09b9294c78db4dd79RedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.
26f91421f6edf594c084d8cc00f2287eCisco VoIP phone such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities.
58d3ffb956311c84e54d85560df06007Cisco RV110W suffers from password disclosure and command execution vulnerabilities.
eed52ea76fb024c920ddc2cbd7084851A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
e0df0d3b74fa1ecc2091d30eb9104327Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.
2c9170145359581c4c8d1c13f564bce3A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected.
7a4ff17f412569211f6751de8fc14501Cisco WebEx Meetings Server suffers from an XML external entity injection vulnerability.
152a45418f4705a70acc44ed4c1917c1iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.
dabae5d2d2f7dfbc02093d00e56e96e6Full write up on the unauthenticated remote code execution and privilege escalation vulnerability in Cisco Prime Infrastructure.
463b73ab6b4dc341e0abdb15816e4711Apple Security Advisory 2018-10-08-1 - iOS 12.0.1 is now available and addresses lock screen issues.
7973fb64f647f02a30d5b632ad7521b0Cisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing.
05f34986eb4c21ba7fbb27faa2f9bc8fApple Security Advisory 2018-9-24-4 - APPLE-SA-2018-9-24-4 provides additional information for APPLE-SA-2018-9-17-1. iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
be61103916d6a6155c475e643895c9b9Apple Security Advisory 2018-9-17-1 - iOS 12 is now available and addresses memory corruption and input validation vulnerabilities.
94c7b08f05542c1e82ef6e458f60b472Cisco Umbrella Roaming Client version 2.0.168 suffers from a privilege escalation vulnerability.
077c7382cf0843a8338f4cafa0c01262Cisco AnyConnect Secure Mobility Client version 4.6.01099 suffers from a denial of service vulnerability.
5ed808e3cadb933dedf1473553a3dc6eCisco Network Assistant version 6.3.3 suffers from a denial of service vulnerability.
375bcf577cae1bcc14c321a3df4e319bLinkedin mobile iOS application version 9.11.8592.4 suffers from a CPU resource exhaustion vulnerability.
548e38902cc5abaceaeb0c3f8618bdd6This Metasploit module exploits a security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques.
bea90e46bf066fcc060cb43fe700e2fe
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed