Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-1599

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-27 Apr, 2011 | 00:00
Updated At-06 Aug, 2024 | 22:28
Rejected At-
Credits

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:27 Apr, 2011 | 00:00
Updated At:06 Aug, 2024 | 22:28
Rejected At:
â–¼CVE Numbering Authority (CNA)

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/1188
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2011/dsa-2225
vendor-advisory
x_refsource_DEBIAN
http://openwall.com/lists/oss-security/2011/04/22/6
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/47537
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2011/1086
vdb-entry
x_refsource_VUPEN
http://securitytracker.com/id?1025433
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2011/1107
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/44529
third-party-advisory
x_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
vendor-advisory
x_refsource_FEDORA
http://downloads.digium.com/pub/security/AST-2011-006.html
x_refsource_CONFIRM
http://secunia.com/advisories/44197
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/1188
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2011/dsa-2225
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://openwall.com/lists/oss-security/2011/04/22/6
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/47537
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2011/1086
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://securitytracker.com/id?1025433
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2011/1107
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/44529
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://downloads.digium.com/pub/security/AST-2011-006.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/44197
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2011/1188
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2011/dsa-2225
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://openwall.com/lists/oss-security/2011/04/22/6
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/47537
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2011/1086
vdb-entry
x_refsource_VUPEN
x_transferred
http://securitytracker.com/id?1025433
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2011/1107
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/44529
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://downloads.digium.com/pub/security/AST-2011-006.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/44197
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/1188
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2225
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2011/04/22/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/47537
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/1086
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://securitytracker.com/id?1025433
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/1107
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/44529
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://downloads.digium.com/pub/security/AST-2011-006.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/44197
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:27 Apr, 2011 | 00:55
Updated At:29 Apr, 2026 | 01:13

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches

Digium, Inc.
digium
>>asterisk>>1.4.0
cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.0
cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.0
cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.0
cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.0
cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.1
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.2
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.3
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.10
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.10.1
cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.11
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.12
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.12.1
cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.13
cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.14
cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.15
cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.16
cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.16.1
cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.16.2
cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.17
cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.18
cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19
cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19
cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19
cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19
cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19
cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19.1
cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.19.2
cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.20
cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.20
cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.20
cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.20
cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.20.1
cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.21
cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.21
cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.21
cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.21.1
cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.21.2
cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22
cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22.1
cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.22.2
cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.23
cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.23
cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.23
cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>asterisk>>1.4.23
cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://downloads.digium.com/pub/security/AST-2011-006.htmlsecalert@redhat.com
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.htmlsecalert@redhat.com
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.htmlsecalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2011/04/22/6secalert@redhat.com
N/A
http://secunia.com/advisories/44197secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/44529secalert@redhat.com
N/A
http://securitytracker.com/id?1025433secalert@redhat.com
N/A
http://www.debian.org/security/2011/dsa-2225secalert@redhat.com
N/A
http://www.securityfocus.com/bid/47537secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/1086secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2011/1107secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2011/1188secalert@redhat.com
N/A
http://downloads.digium.com/pub/security/AST-2011-006.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2011/04/22/6af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/44197af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/44529af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1025433af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2011/dsa-2225af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/47537af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/1086af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/1107af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/1188af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://downloads.digium.com/pub/security/AST-2011-006.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/04/22/6
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/44197
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44529
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securitytracker.com/id?1025433
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2225
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47537
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1086
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/1107
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1188
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://downloads.digium.com/pub/security/AST-2011-006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059702.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2011/04/22/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/44197
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/44529
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1025433
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2011/dsa-2225
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/47537
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/1107
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/1188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

228Records found

CVE-2017-14001
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-8
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-6.45% / 92.89%
||
7 Day CHG~0.00%
Published-26 Sep, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asterisk_guiDigium Asterisk GUI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2014-8418
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.57% / 87.97%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-certified_asteriskasteriskn/a
CVE-2019-18610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-29.64% / 97.97%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 17:31
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-certified_asteriskasteriskdebian_linuxn/a
CWE ID-CWE-862
Missing Authorization
CVE-2014-2287
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-2.44% / 82.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Action-Not Available
Vendor-n/aDigium, Inc.Fedora Project
Product-certified_asteriskasteriskfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2286
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.26% / 96.56%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Action-Not Available
Vendor-n/aDigium, Inc.Fedora Project
Product-certified_asteriskasteriskfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2288
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.32% / 89.98%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2289
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-2.16% / 79.99%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2535
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.61% / 90.55%
||
7 Day CHG~0.00%
Published-06 Jul, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15639
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.92% / 97.35%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 12:50
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0871
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-2.57% / 83.25%
||
7 Day CHG~0.00%
Published-11 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14098
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-50.05% / 98.77%
||
7 Day CHG~0.00%
Published-02 Sep, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8416
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.31% / 89.96%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-8415
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.04% / 85.91%
||
7 Day CHG~0.00%
Published-24 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-6609
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-3.61% / 88.10%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-asteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-5642
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-11.65% / 95.53%
||
7 Day CHG~0.00%
Published-09 Sep, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-certified_asteriskasteriskasterisk_digiumphonesn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-17850
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-75.35% / 99.45%
||
7 Day CHG~0.00%
Published-23 Dec, 2017 | 00:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-certified_asteriskasteriskn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3219
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.31% / 87.08%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:41
Updated-15 Nov, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Web UI Command Injection Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeCisco IOS XE Software 16.1.1
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3309
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.77% / 75.35%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:40
Updated-15 Nov, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability

A vulnerability in Cisco Firepower Device Manager (FDM) On-Box software could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by uploading a malicious file to an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on as well as modify the underlying operating system of an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-firepower_device_manager_on-boxCisco Firepower Threat Defense Software
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3387
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-14.07% / 96.12%
||
7 Day CHG~0.00%
Published-16 Jul, 2020 | 17:22
Updated-13 Nov, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN vManage Software Remote Code Execution Vulnerability

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-1100-4g_integrated_services_router1100-6g_integrated_services_routersd-wan_firmware1100-4gltegb_integrated_services_router1100-4gltena_integrated_services_routerCisco SD-WAN vManage
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2169
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||HIGH
EPSS-2.09% / 79.32%
||
7 Day CHG~0.00%
Published-02 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_te_softwaretelepresence_tc_softwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0679
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9||HIGH
EPSS-2.11% / 79.49%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-prime_infrastructuren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-6618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-10.61% / 95.24%
||
7 Day CHG~0.00%
Published-05 Nov, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25759
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.27% / 80.96%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 19:28
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsr-500_firmwaredsr-1000_firmwaredsr-500dsr-500n_firmwaredsr-150dsr-250ndsr-150ndsr-250n_firmwaredsr-1000n_firmwaredsr-250dsr-150n_firmwaredsr-500acdsr-1000ac_firmwaredsr-150_firmwaredsr-1000dsr-1000acdsr-500ac_firmwaredsr-500ndsr-250_firmwaredsr-1000nn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1650
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.48% / 87.66%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 15:00
Updated-20 Nov, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-vedge_2000sd-wanvedge_100_firmwarevbond_orchestratorvedge_5000_firmwarevedge_1000_firmwarevedge_5000vsmart_controllervedge_100vmanage_network_managementvedge_2000_firmwarevedge_1000Cisco SD-WAN Solution
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-1652
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-95.92% / 99.87%
||
7 Day CHG~0.00%
Published-24 Jan, 2019 | 16:00
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv320_firmwarerv325_firmwarerv325rv320Cisco Small Business RV Series Router FirmwareSmall Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29897
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.1||CRITICAL
EPSS-1.18% / 63.93%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:25
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.

Action-Not Available
Vendor-Phoenix Contact GmbH & Co. KG
Product-rad-ism-900-en-bdrad-ism-900-en-bd_firmwarerad-ism-900-en-bd\/brad-ism-900-en-bd-busrad-ism-900-en-bd\/b_firmwarerad-ism-900-en-bd-bus_firmwareRAD-ISM-900-EN-BDRAD-ISM-900-EN-BD/BRAD-ISM-900-EN-BD-BUS
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16005
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-3.51% / 87.77%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:45
Updated-15 Nov, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Webex Video Mesh Node Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-collaboration_meeting_roomswebex_video_meshCisco Webex Video Mesh
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15957
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.2||HIGH
EPSS-3.25% / 86.79%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv325_dual_gigabit_wan_wf_vpn_routerrv042g_dual_gigabit_wan_vpnrv082_dual_wan_vpn_router_firmwarerv082_dual_wan_vpn_routerrv320_firmwarerv320_dual_gigabit_wan_vpn_routerrv016_multi-wan_vpnrv042g_dual_gigabit_wan_vpn_firmwarerv325_firmwarerv016_multi-wan_vpn_firmwarerv042_dual_wan_vpnCisco Small Business RV Series Router Firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14894
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-4.08% / 89.46%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 17:53
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-cloudforms_management_engineCloudForms
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-1696
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-2.65% / 83.79%
||
7 Day CHG~0.00%
Published-20 Dec, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.

Action-Not Available
Vendor-IBM Corporation
Product-qradar_security_information_and_event_managerSecurity QRadar SIEM
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0020
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9||HIGH
EPSS-32.03% / 98.10%
||
7 Day CHG~0.00%
Published-10 Feb, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_2000windows_2003_servern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2016-10808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.32% / 67.31%
||
7 Day CHG~0.00%
Published-07 Aug, 2019 | 12:29
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12689
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-3.12% / 86.26%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12687
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.39% / 87.36%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2008-5709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-3.35% / 87.21%
||
7 Day CHG~0.00%
Published-24 Dec, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.

Action-Not Available
Vendor-n/aAvaya LLC
Product-communication_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12688
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.39% / 87.36%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 19:06
Updated-26 Nov, 2024 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_firewall_management_centerCisco Firepower Management Center
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11967
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 15:22
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-2.58% / 83.35%
||
7 Day CHG~0.00%
Published-27 Apr, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-encapsn/a
Product-encapsgalleryn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-2392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-4.28% / 89.90%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-0892
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9||HIGH
EPSS-14.02% / 96.11%
||
7 Day CHG~0.00%
Published-16 Apr, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-directory_serverfedora_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1277
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-8.25% / 94.22%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.

Action-Not Available
Vendor-mailenablen/a
Product-mailenable_professionalmailenable_enterprisen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11968
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-3.46% / 87.61%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 15:22
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2019-11980
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-1.54% / 71.93%
||
7 Day CHG~0.00%
Published-05 Jun, 2019 | 15:28
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centerHPE Intelligent Management Center (IMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-1.76% / 75.33%
||
7 Day CHG~0.00%
Published-10 Nov, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.

Action-Not Available
Vendor-openbase_international_ltdn/a
Product-openbasen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2007-5066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-2.44% / 82.35%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.

Action-Not Available
Vendor-n/aWebmin
Product-webminn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-20797
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.50% / 71.19%
||
7 Day CHG~0.00%
Published-27 May, 2022 | 14:06
Updated-06 Nov, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Secure Network Analytics Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-secure_network_analyticsCisco Stealthwatch Enterprise
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-12492
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-8.8||HIGH
EPSS-5.72% / 92.11%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2019-10973
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.2||HIGH
EPSS-2.42% / 82.13%
||
7 Day CHG~0.00%
Published-08 Jul, 2019 | 17:25
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

Action-Not Available
Vendor-n/aQuest Software, Inc.
Product-kace_systems_management_applianceQuest KACE
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12226
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-3.24% / 86.75%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ios_xeCisco IOS XE
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-264
Not Available
CVE-2019-0721
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.1||CRITICAL
EPSS-10.34% / 95.15%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10WindowsWindows Server, version 1903 (Server Core installation)Windows ServerWindows 10 Version 1903 for x64-based Systems
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found