RSS   Podatności dla
'Unity edgeconnect sd-wan firmware'
   RSS

2019-09-08
 
CVE-2019-16105

CWE-22
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory traversal via a rest/json/configdb/download/ URI.

 
 
CVE-2019-16104

CWE-79
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO.

 
 
CVE-2019-16103

CWE-264
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature.

 
 
CVE-2019-16102

CWE-20
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.

 
 
CVE-2019-16101

CWE-200
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to obtain potentially sensitive stack traces by sending incorrect JSON data to the REST API, such as the rest/json/banners URI.

 
 
CVE-2019-16100

CWE-20
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers to trigger a web-interface outage via slow client-side HTTP traffic from a single source.

 
 
CVE-2019-16099

CWE-352
 

 
Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file.

 

 >>> Vendor: Silver-peak 6 Produkty
VX
Unity edgeconnect sd-wan firmware
Unity edgeconnect for amazon web services
Unity edgeconnect for azure
Unity edgeconnect for google cloud platform
Unity orchestrator


Copyright 2020, cxsecurity.com

 

Back to Top