Page 73 of 35333 results (0.380 seconds)

CVSS: 3.8EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. ... A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. ... La explotación exitosa de esta vulnerabilidad podría permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podría provocar una ejecución remota de comandos (RCE) en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. ... La explotación exitosa de esta vulnerabilidad podría permitir que un atacante remoto autenticado cree archivos arbitrarios, lo que podría provocar una ejecución remota de comandos (RCE) en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. Existe una vulnerabilidad de inyección de comandos autenticados en la interfaz de línea de comandos de Instant AOS-8 y AOS-10. Una explotación exitosa de esta vulnerabilidad da como resultado la capacidad de ejecutar comandos arbitrarios como un usuario privilegiado en el sistema operativo subyacente. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. • https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •