SecOps and DevOps: From Cooperation to Automation

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2021-1479
PUBLISHED: 2021-04-08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
For more information about these vulnerabilities, see the Details section…

CVE-2021-1480
PUBLISHED: 2021-04-08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system.
For more information about these vulnerabilities, see the Details section…

CVE-2021-1485
PUBLISHED: 2021-04-08

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system (OS) of an affected device.
This vulnerability is due to insufficient input validation of com…

CVE-2021-28174
PUBLISHED: 2021-04-08

Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain privileged permissions to access transaction records and perform fraudulent trading without logging in.

CVE-2021-1413
PUBLISHED: 2021-04-08

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device.
These v…