CVSS: 9.0EPSS: 5%CPEs: 28EXPL: 0CVE-2023-3718 – Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
https://notcve.org/view.php?id=CVE-2023-3718
01 Aug 2023 — An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de AOS-CX. La explotación exitosa... • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •