A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm.
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication.
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default passwor
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this v
Page 1+ Next →