A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.
Base Score: 9.8 CRITICAL
_____________________________________
A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.
Base Score: 7.2 HIGH
__________________________________
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.
Base Score: 8.8 HIGH
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
_____________________________
Description
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.
Base Score: 8.8 HIGH
CVE-2022-46609 Description Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. Base Score: 9.8 CRITICAL https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99 _______________________________ CVE-2022-44832 Description D-Link DIR-3040 device with firmware 120B03 was discovered to contain a […]
CVE-2023-22417 Description A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the […]
CVE-2023-21803 Description Windows iSCSI Discovery Service Remote Code Execution Vulnerability Base Score: 9.8 CRITICAL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803 CVE-2023-21804 Description Windows Graphics Component Elevation of Privilege Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804 CVE-2023-21805 Description Windows MSHTML Platform Remote Code Execution Vulnerability Base Score: 7.8 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805 CVE-2023-21806 Description Power BI Report Server Spoofing Vulnerability Base Score: 8.2 HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806 […]
Leave a Reply