Exploit – Intelligent Systems Monitoring

Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

January 2, 2020January 2, 2020 Cisco Leave a comment

A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device.

The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access

Security Impact Rating: Medium

CVE: CVE-2019-15999

No Related Posts

Sql injection in url path

December 24, 2019December 24, 2019 PCIS Support Team Leave a comment

NET applications targeted by the highest number This indicates an attempt to exploit a SQL-injection vulnerability through HTTP requests. Commands …

No Related Posts

Null byte injection

December 20, 2019December 20, 2019 PCIS Support Team Leave a comment

This attack takes advantage of improper coding of web applications, which allows hackers to exploit the The SQL Injection Knowledge Base is the …

No Related Posts

sql injection penetration testing using sqlmap

December 17, 2019December 17, 2019 PCIS Support Team Leave a comment

sqlmap is automated linux and windows based tool to find sql injection vulnerability. Sqlmap gives vulnerable http request url, sqlmap can exploit the …

No Related Posts

SQL injection in phpMyAdmin

November 22, 2019November 22, 2019 PCIS Support Team Leave a comment

TAGS ExploitinjectionphpMyAdminSQLSQL AttackSQL ExploitSQL InjectionSQL VulnerablevulnerabilityWeb Application Exploit. Share This …

No Related Posts

Cisco DNA Spaces: Connector Command Injection Vulnerability

November 19, 2019November 19, 2019 Cisco Leave a comment

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root.

The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-cmd-injection

Security Impact Rating: Medium

CVE: CVE-2019-15997

No Related Posts

Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability

November 19, 2019November 19, 2019 Cisco Leave a comment

A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-vman-csrf

Security Impact Rating: Medium

CVE: CVE-2019-16002

No Related Posts

Cisco Unity Express Command Injection Vulnerability

November 19, 2019November 19, 2019 Cisco Leave a comment

A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials.

The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-unity-exp-comm-inject

Security Impact Rating: Medium

CVE: CVE-2019-15986

No Related Posts

Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

November 19, 2019November 19, 2019 Cisco Leave a comment

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-priv-esca

Security Impact Rating: Medium

CVE: CVE-2019-15996

No Related Posts

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

November 11, 2019November 11, 2019 Cisco Leave a comment

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce

Security Impact Rating: High

CVE: CVE-2019-15992

No Related Posts

Tag: Exploit

Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability

Related:

Sql injection in url path

Related:

Null byte injection

Related:

sql injection penetration testing using sqlmap

Related:

SQL injection in phpMyAdmin

Related:

Cisco DNA Spaces: Connector Command Injection Vulnerability

Related:

Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability

Related:

Cisco Unity Express Command Injection Vulnerability

Related:

Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

Related:

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

Related:

Links