Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6cThis Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.
a4ea9f1287ac1dba88becbc65cca9516c214cbb28ac296ea4aab456d25255b07This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root.
2c36a878b4e9bd45ad81ca8fb24a7604744f9f005ad314f116c110e64106d9a4Cisco RV130W version 1.0.3.44 suffers from a remote stack overflow vulnerability.
cf50c981afbcb668852b8ad19be0b75d28bef6b28174ce3ce8eb6a47cb7bcc94THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
56672e253c128abaa6fb19e77f6f59ba6a93762a9ba435505a009ef6d58e8d0eCisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
2d21823c888f2d2b908cd05eb0a2166fac4b33a4729b2a9f4b52422d2a88a0f7A vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
09f07f0e9d2f9b46f8c355fbdac1e89d6992aeb917ea250f9d23b8b7c6760b66This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS on port 443 or HTTP on port 8007 on some older firmware versions.
3a5930431c87e0e5f639afb9c3aa17008a55b97dc03414a6b04b7d6a4f631c82RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router which was inadequately patched by the vendor.
fa1fddffe139a0d576a787664aa6b3b1d1207ed373110904ad3b88fa8d1e4370RedTeam Pentesting discovered that the Cisco RV320 router still exposes sensitive diagnostic data without authentication via the device's web interface due to an inadequate fix by the vendor.
2b7e66ad19b6068e6af38b37416a2c3c4c1dbb9a1a959f50323d828c81b0520eRedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device's web interface due to an inadequate fix by the vendor.
aa2ffadd37f8b53f7521b5331aff0f56f21b08999e7e3839a9709f9b42d32d19The Cisco Common Service Platform Collector versions 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2 contain hardcoded credentials.
9de3cc083ddf7db43e4d74958044bd8416ed3ad485d7ce5d8ebc5ba34711b3c6A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
7c615622d9d22a65b007e545f2d85da06c422a042f720bd6c5578a1844dec40eCisco Identity Services Engine (ISE) version 2.4.0 suffers from cross site scripting, java deserialization, and in conjunction can lead to remote code execution. Full exploit provided.
58a983e96b653b64c6753866753ad6fb8ddf6684d26a6ed872f1db56982a7a9fCisco RV300 and RV320 suffer from an information disclosure vulnerability.
f64b5564266a9a3f68710710054b391969d788fb5b5f9320aaa4b6b9e833b265Cisco Firepower Management Center versions 6.2.2.2 and 6.2.3 suffer from a cross site scripting vulnerability.
66f4691193670e30d7f843903cb33c35ab8cf3dbdf88444a730a07043135addaRedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Versions 1.4.2.15 through 1.4.2.19 are affected. Fixed in version 1.4.2.20.
0ef1e407d0628e9e533465222b68937646fa1649db7cb36d50953a7f19722bfcRedTeam Pentesting discovered that the Cisco RV320 router exposes sensitive diagnostic data without authentication through the device's web interface. Versions affected include 1.4.2.15 and 1.4.2.17.
fdf7195ccf0d6541be985c8d496c6247eb5c5e6f97854845e3c59933dda9393dRedTeam Pentesting discovered that the configuration of a Cisco RV320 router may be exported without authentication through the device's web interface. Affected versions include 1.4.2.15 and 1.4.2.17.
942511fa9b0bd63bd49cf08b8956b08f9864c3d173a12a505da9fb6a9e650162Cisco VoIP phone such as models 88XX suffer from script insertion, weak and hard-coded passwords, undocumented debug functionality, and various outdated components with known vulnerabilities.
41a1b9784b878fa08044f5ed9bf633aed22e9a1c597ac51d8518b8c652c3cb84Cisco RV110W suffers from password disclosure and command execution vulnerabilities.
49f352762b2cb4aac38f40cf4fba40ffd8992a4abb6d4dbe0d5b524fec9d83c4A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2aCisco Prime Infrastructure (CPI) contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This Metasploit module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation. This Metasploit module has been tested with CPI 3.2.0.0.258 and 3.4.0.0.348. Earlier and later versions might also be affected, although 3.4.0.0.348 is the latest at the time of writing. The file upload vulnerability should have been fixed in versions 3.4.1 and 3.3.1 Update 02.
d369d436a86b700503958af590ca11128f061be5032b9413706341e51300f65cA vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system without being analyzed for threats. The vulnerability is due to improper process resource handling. Cisco Immunet versions prior to 6.2.0 and Cisco AMP For Endpoints version 6.2.0 are affected.
5017f9c736285c4def48333e34e95f0cc85a4c481b2df3b3524424ab4b0de654
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed