Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20739 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2023-11-07 | 8.5 HIGH | 7.3 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. | |||||
| CVE-2022-20782 | 1 Cisco | 1 Identity Services Engine | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | |||||
| CVE-2022-20759 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2023-11-07 | 8.5 HIGH | 8.8 HIGH |
| A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. | |||||
| CVE-2022-1517 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. | |||||
| CVE-2021-40124 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. | |||||
| CVE-2021-34766 | 1 Cisco | 1 Smart Software Manager On-prem | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions. This vulnerability is due to insufficient authorization of the System User and System Operator role capabilities. An attacker could exploit this vulnerability by directly accessing a web resource. A successful exploit could allow the attacker to create, read, update, or delete records and settings in multiple functions without the necessary permissions on the web UI. | |||||
| CVE-2021-37167 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device. | |||||
| CVE-2021-28710 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2023-11-07 | 6.9 MEDIUM | 8.8 HIGH |
| certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries. | |||||
| CVE-2021-28702 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2023-11-07 | 4.6 MEDIUM | 7.6 HIGH |
| PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | |||||
| CVE-2021-30152 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. | |||||
| CVE-2021-23893 | 1 Mcafee | 1 Drive Encryption | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer. | |||||
| CVE-2021-23891 | 1 Mcafee | 1 Total Protection | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense. | |||||
| CVE-2021-23877 | 1 Mcafee | 1 Total Protection | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP. | |||||
| CVE-2021-20208 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Enterprise Linux, Cifs-utils | 2023-11-07 | 4.9 MEDIUM | 6.1 MEDIUM |
| A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-1371 | 1 Cisco | 17 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 14 more | 2023-11-07 | 7.2 HIGH | 6.6 MEDIUM |
| A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. | |||||
| CVE-2021-1579 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker with Administrator read-only credentials to elevate privileges on an affected system. This vulnerability is due to an insufficient role-based access control (RBAC). An attacker with Administrator read-only credentials could exploit this vulnerability by sending a specific API request using an app with admin write credentials. A successful exploit could allow the attacker to elevate privileges to Administrator with write privileges on the affected device. | |||||
| CVE-2021-1400 | 1 Cisco | 12 Wap125, Wap125 Firmware, Wap131 and 9 more | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1572 | 1 Cisco | 2 Confd, Network Services Orchestrator | 2023-11-07 | 6.9 MEDIUM | 7.8 HIGH |
| A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released. | |||||
| CVE-2021-1447 | 1 Cisco | 1 Content Security Management Appliance | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials. | |||||
| CVE-2021-1258 | 3 Cisco, Mcafee, Microsoft | 3 Anyconnect Secure Mobility Client, Agent Epolicy Orchestrator Extension, Windows | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. | |||||