Description: The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit...
Description: The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. Impact: Attackers can exploit this issue to reload the affected device, denying service to legitimate...
Description: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. Impact: Local attackers may exploit...
Description: CVE-2017-7269: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: <http://” in a PROPFIND request, as exploited in the wild in July or August 2016. Impact: Attackers can exploit this issue to execute arbitrary code in the...
Description: Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Impact: Local attackers may exploit this issue to gain elevated privileges. Mitigation: Updates are available. Please check the respective vendor advisory for more information. Reference URLs:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636
https://access.redhat.com/security/cve/cve-2017-2636
https://security-tracker.debian.org/tracker/CVE-2017-2636
https://kalilinux.co/2017/03/17/cve-2017-2636-linux-kernel-flaw-can-local-privilege-escalation/#.WM-uEmclHIU