Description: An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3 Impact: An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead...
Read More
Description: A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious...
Read More
Description: The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be...
Read More
Description: Cisco ASA Next-Generation Firewall Services is prone to a remote security-bypass vulnerability. Impact: Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug CSCvd97962. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: http://www.securityfocus.com/bid/101915/info https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
Description: WPA2 is prone to multiple security weaknesses. Impact: Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. This may aid in further attacks. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.krackattacks.com/ https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa https://github.com/stevenhoneyman/wpa_gui/tree/master/wpa_supplicant-2.4
