3 results (0.014 seconds)

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ • CWE-708: Incorrect Ownership Assignment •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ • CWE-276: Incorrect Default Permissions CWE-708: Incorrect Ownership Assignment •

CVSS: 9.8EPSS: 97%CPEs: 97EXPL: 24

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. • https://github.com/0zvxr/CVE-2022-22965 https://github.com/alt3kx/CVE-2022-22965 https://github.com/zangcc/CVE-2022-22965-rexbb https://github.com/Kirill89/CVE-2022-22965-PoC https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce https://github.com/p1ckzi/CVE-2022-22965 https://github.com/me2nuk/CVE-2022-22965 https://github.com/light-Life/CVE-2022-22965-GUItools https://github.com/viniciuspereiras/CVE-2022-22965-poc https://github.com/itsecurityco/CVE-2022-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •