Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/
Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ri
An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges.
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connec
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.
A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.
Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-28747
CRITICAL CVSS 9.8
Find Similar
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that caus
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access.
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unaut
Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary wit
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary wit
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the a
Page 1+ Next →