Summary
Detail | | | |
---|---|---|---|
Vendor | Cisco | First view | 2018-08-06 |
Product | Network Assurance Engine | Last view | 2021-12-10 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
10 | 2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
7.1 | 2019-02-12 | CVE-2019-1688 | A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). |
7.5 | 2018-08-06 | CVE-2018-5390 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
40% (2) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
20% (1) | CWE-798 | Use of Hard-coded Credentials |
20% (1) | CWE-502 | Deserialization of Untrusted Data |
20% (1) | CWE-20 | Improper Input Validation |
SAINT Exploits
Description | Link |
---|---|
Apache Log4j JNDI message lookup vulnerability | More info here |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-10 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO |
2018-12-14 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL95343321.nasl - Type: ACT_GATHER_INFO |
2018-12-05 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0101.nasl - Type: ACT_GATHER_INFO |
2018-10-26 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1345.nasl - Type: ACT_GATHER_INFO |
2018-10-25 | Name: The remote EulerOS Virtualization host is missing a security update. File: EulerOS_SA-2018-1322.nasl - Type: ACT_GATHER_INFO |
2018-09-04 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1278.nasl - Type: ACT_GATHER_INFO |
2018-09-04 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1279.nasl - Type: ACT_GATHER_INFO |
2018-08-31 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-063.nasl - Type: ACT_GATHER_INFO |
2018-08-20 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-055.nasl - Type: ACT_GATHER_INFO |
2018-08-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1466.nasl - Type: ACT_GATHER_INFO |
2018-08-15 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-2384.nasl - Type: ACT_GATHER_INFO |
2018-08-15 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-2390.nasl - Type: ACT_GATHER_INFO |
2018-08-07 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1050.nasl - Type: ACT_GATHER_INFO |
2018-08-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1049.nasl - Type: ACT_GATHER_INFO |
2018-08-07 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4266.nasl - Type: ACT_GATHER_INFO |