Current node: cve-famous
Timeline
2020-06-06 17:24:52 Well-known component CVE monitoring
New vulnerable component found, component ID: IBM WebSphere
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.

2020-06-06 17:24:17 Well-known component CVE monitoring
New vulnerable component found, component ID: Apache
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

2020-06-06 17:24:11 Well-known component CVE monitoring
New vulnerable component found, component ID: Docker
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.

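2020-06-06 00:00:39 Well-known component CVE monitoring
New vulnerable component found, component ID: 通达 (Tongda)
2020-06-06 00:00:38 Well-known component CVE monitoring
New vulnerable component found, component ID: 通达 (Tongda)
2020-06-04 17:10:32 Well-known component CVE monitoring
New vulnerable component found, component ID: Kibana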
Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could obtain sensitive information from, or perform destructive actions on behalf of, Kibana users who edit the TSVB visualization.

2020-06-04 17:10:30 Well-known component CVE monitoring
New vulnerable component found, component ID: Elasticsearch
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.

2020-06-04 17:10:27 Well-known component CVE monitoring
New vulnerable component found, component ID: Kibana
Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

2020-06-04 17:10:25 Well-known component CVE monitoring
New vulnerable component found, component ID: Kibana
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.

2020-06-04 17:10:21 Well-known component CVE monitoring
New vulnerable component found, component ID: Elasticsearch
Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK.

2020-06-04 17:09:38 Well-known component CVE monitoring
New vulnerable component found, component ID: Solr
IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997.

2020-06-04 17:08:59 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

2020-06-04 17:08:57 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

2020-06-04 17:08:48 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

2020-06-04 17:08:45 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user.

2020-06-04 17:08:34 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed.

2020-06-04 17:08:32 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user.

2020-06-04 17:08:30 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

2020-06-04 17:08:28 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device.

2020-06-04 17:08:26 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition.

2020-06-04 17:08:23 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

2020-06-04 17:08:21 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition.

2020-06-04 17:08:19 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying filesystem of the device. The vulnerability is due to insufficient file scope limiting. An attacker could exploit this vulnerability by creating a specific file reference on the filesystem and then accessing it through the web UI. An exploit could allow the attacker to read arbitrary files from the underlying operating system's filesystem.

2020-06-04 17:08:15 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass.

2020-06-04 17:08:12 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device.

2020-06-04 17:08:09 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle.

2020-06-04 17:08:07 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

2020-06-04 17:08:05 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device.

2020-06-04 17:08:03 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition.

2020-06-04 17:08:01 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device.

2020-06-04 17:07:59 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device.

2020-06-04 17:07:57 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device.

2020-06-04 17:07:55 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user.

2020-06-04 17:07:52 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device.

2020-06-04 17:07:50 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise.

2020-06-04 17:07:48 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user.

2020-06-04 17:07:42 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.

2020-06-04 17:07:40 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an affected device. The vulnerability is due to insufficient access restrictions on the area of code that manages the image verification feature. An attacker could exploit this vulnerability by first authenticating to the targeted device and then logging in to the Virtual Device Server (VDS) of an affected device. The attacker could then, from the VDS shell, disable Cisco IOS Software integrity (image) verification. A successful exploit could allow the attacker to boot a malicious Cisco IOS Software image on the targeted device. To exploit this vulnerability, the attacker must have valid user credentials at privilege level 15.

2020-06-04 17:07:37 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.

2020-06-04 17:07:31 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device.

2020-06-04 17:07:26 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory.

2020-06-04 17:07:22 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device.

2020-06-04 17:07:20 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.

2020-06-04 17:07:16 Well-known component CVE monitoring
New vulnerable component found, component ID: Cisco IOS
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

2020-06-04 17:07:08 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Cisco IOS
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

2020-06-04 17:06:57 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Cisco IOS
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

2020-06-04 17:06:54 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Cisco IOS
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory.

2020-06-04 17:06:51 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.

2020-06-04 17:06:48 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability.

2020-06-04 17:06:46 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.

2020-06-04 17:06:44 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format.

2020-06-04 17:06:41 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.

2020-06-04 17:06:39 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.

2020-06-04 17:06:37 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability.

2020-06-04 17:06:29 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability.

2020-06-04 17:06:27 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Jenkins
A cross-site request forgery vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier allows attackers to add or remove agent labels.
