Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Summary Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. Note: To exploit these vulnerabilities, an attacker must have valid ISE administrative credentials. These vulnerabilities can be exploited using any…
Cisco NX-OS Software Image Verification Bypass Vulnerability
Summary A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An…
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
Summary A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted…
Cisco Firepower Threat Defense Software for Firepower 1000, 2100, 3100, and 4200 Series Static Credential Vulnerability
Summary A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to the presence of static accounts with hard-coded…
Cisco Catalyst SD-WAN Routers Denial of Service Vulnerability
Summary A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD) component of Cisco IOS XE Software in controller mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device….
Schneider Electric Security Notification-Vijeo Designer
10 September 2024OverviewSchneider Electric is aware of a vulnerability in its Vijeo Designer product. The Vijeo Designer product is HMI Configuration Software compatible with Harmony and Magelis HMI. Vijeo Designer software offers functions such as multimedia capabilities and remote access for more efficiency.Failure to apply…
ABB Relion 630 Series Protection RelaysIEC 61850 MMS and improper Input Validation Vulnerabilities
NoticeThe information in this document is subject to change without notice, and should not be construed as a commitment by ABB.ABB provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and…
Cisco Smart Licensing Utility Vulnerabilities
Summary Multiple vulnerabilities in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running. Cisco has released software updates that address these vulnerabilities. There are no…
Cisco Smart Software Manager On-Prem Password Change Vulnerability
Summary A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could…
Cisco Secure Email Gateway Arbitrary File Write Vulnerability
Summary A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and…
Stay connected