news

libssh Server-Side State Machine Unauthorized Access Vulnerability

A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the …

libssh Server-Side State Machine Unauthorized Access VulnerabilityRead More »

AWS Service Catalog Announces Self-Service Actions

AWS Service Catalog, used by enterprises to organize and govern cloud resources on AWS, now enables your end users to perform self-service actions on your provisioned products, without needing to grant end users full access to AWS services. Source:: Amazon AWS

Infineon’s XMC4800 Now Qualified for Amazon FreeRTOS

Today, Infineon’s XMC4800 IoT Connectivity Kit is qualified for Amazon FreeRTOS. You can now take advantage of Amazon FreeRTOS features and benefits for microcontrollers using the development board from Infineon. Source:: Amazon AWS

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An …

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service VulnerabilityRead More »

Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit …

Cisco Prime Collaboration Assurance Cross-Site Request Forgery VulnerabilityRead More »

Cisco SocialMiner Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit …

Cisco SocialMiner Cross-Site Scripting VulnerabilityRead More »

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An …

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service VulnerabilityRead More »

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that …

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure VulnerabilityRead More »

Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit …

Cisco Wireless LAN Controller Software Cross-Site Scripting VulnerabilityRead More »

Cisco Wireless LAN Controller Software Directory Traversal Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a …

Cisco Wireless LAN Controller Software Directory Traversal VulnerabilityRead More »

Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the …

Cisco Wireless LAN Controller Software GUI Privilege Escalation VulnerabilityRead More »

Cisco Wireless LAN Controller Software Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting …

Cisco Wireless LAN Controller Software Information Disclosure VulnerabilityRead More »

Cisco Wireless LAN Controller Software Privilege Escalation Vulnerability

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless …

Cisco Wireless LAN Controller Software Privilege Escalation VulnerabilityRead More »

Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service Vulnerability

A vulnerability in the Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a deadlock condition that may occur when an affected AP attempts to …

Cisco Aironet 1560, 1800, 2800, and 3800 Series Access Points Denial of Service VulnerabilityRead More »

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker could exploit this vulnerability by convincing a targeted user to follow a URL to …

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery VulnerabilityRead More »

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP …

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service VulnerabilityRead More »

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service Vulnerability

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause …

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service VulnerabilityRead More »