CWE-264
395 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-264 (page 5 of 8)
- CVE-2019-1723 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-03-13
A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have adminis…
- CVE-2019-1727 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-05-15
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is…
- CVE-2019-1730 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-05-15
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network…
- CVE-2019-17322 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier versions allow arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file written to an arbitrary directory. User inte…
- CVE-2019-17326 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-10-30
ClipSoft REXPERT 1.0.0.527 and earlier versions allow a remote attacker to delete arbitrary files by issuing an HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the targe…
- CVE-2019-1803 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-05-03
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges a…
- CVE-2019-1855 | HIGH | CVSS 7.3 | EG 7.3 | 2019-07-04
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need…
- CVE-2019-1889 | HIGH | CVSS 7.2 | EG 7.2 | 2019-07-04
A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vu…
- CVE-2019-18945 | HIGH | CVSS 7.3 | EG 7.3 | 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation.
- CVE-2019-1906 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-06-20
A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to…
- CVE-2019-19100 | HIGH | CVSS 7.5 | EG 7.5 | 2020-04-29
A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, < 4.6.3SP, < 4.7.2 and < 4.8.1 allows authenticated users to delete arbitrary files via an…
- CVE-2019-19106 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-04-22
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application …
- CVE-2019-19107 | MEDIUM | CVSS 6.2 | EG 6.2 | 2020-04-22
The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).
- CVE-2019-1966 | HIGH | CVSS 7.8 | EG 7.8 | 2019-08-30
A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected …
- CVE-2019-1969 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-08-30
A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device,…
- CVE-2019-1972 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-08-08
A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVIS) restricted CLI could allow an authenticated, local attacker with valid administrator-level credentials to elevate privileges and execute arbitrary commands on the und…
- CVE-2019-1978 | MEDIUM | CVSS 5.8 | EG 5.8 | 2019-11-05
A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to byp…
- CVE-2019-1980 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-11-05
A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to by…
- CVE-2019-1981 | MEDIUM | CVSS 5.8 | EG 5.8 | 2019-11-05
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to byp…
- CVE-2019-1982 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-11-05
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker t…
- CVE-2019-2003 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-19
In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed fo…
- CVE-2019-2102 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-07
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a…
- CVE-2019-2122 | HIGH | CVSS 7.3 | EG 7.3 | 2019-08-20
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no ad…
- CVE-2019-3475 | HIGH | CVSS 7.8 | EG 7.8 | 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Secur…
- CVE-2019-3637 | MEDIUM | CVSS 6.7 | EG 6.7 | 2019-08-14
Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges.
- CVE-2019-3779 | HIGH | CVSS 8.8 | EG 8.8 | 2019-03-08
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as is used by the Kubernetes API. This could allow a user authenticated with a…
- CVE-2019-6195 | MEDIUM | CVSS 4.8 | EG 4.8 | 2020-02-14
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged info…
- CVE-2019-9637 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-09
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while …
- CVE-2019-9768 | HIGH | CVSS 7.5 | EG 7.5 | 2019-03-14
Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token.
- CVE-2020-11933 | HIGH | CVSS 7.3 | EG 7.3 | 2020-07-29
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitr…
- CVE-2020-12028 | HIGH | CVSS 7.3 | EG 8.1 | 2020-07-20
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automa…
- CVE-2020-13922 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-01-11
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
- CVE-2020-1619 | MEDIUM | CVSS 6.0 | EG 6.0 | 2020-04-08
A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL ho…
- CVE-2020-1630 | MEDIUM | CVSS 5.0 | EG 5.0 | 2020-04-08
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the s…
- CVE-2020-3112 | HIGH | CVSS 8.8 | EG 8.8 | 2020-02-19
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation…
- CVE-2020-3115 | HIGH | CVSS 8.8 | EG 8.8 | 2020-01-26
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficie…
- CVE-2020-3180 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-16
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exis…
- CVE-2020-3208 | MEDIUM | CVSS 6.7 | EG 6.7 | 2020-06-03
A vulnerability in the image verification feature of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) could allow an authenticated, local attacker to boot a malicious software image on an af…
- CVE-2020-3213 | MEDIUM | CVSS 6.7 | EG 6.7 | 2020-06-03
A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for spe…
- CVE-2020-3214 | MEDIUM | CVSS 6.7 | EG 6.7 | 2020-06-03
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vul…
- CVE-2020-3215 | MEDIUM | CVSS 6.7 | EG 6.7 | 2020-06-03
A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supp…
- CVE-2020-3227 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-06-03
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The…
- CVE-2020-3229 | HIGH | CVSS 8.8 | EG 8.8 | 2020-06-03
A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerabili…
- CVE-2020-3265 | HIGH | CVSS 7.8 | EG 7.8 | 2020-03-19
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could e…
- CVE-2020-3379 | HIGH | CVSS 7.8 | EG 7.8 | 2020-07-16
A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacke…
- CVE-2020-3426 | HIGH | CVSS 7.5 | EG 7.5 | 2020-09-24
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) c…
- CVE-2020-3443 | HIGH | CVSS 8.8 | EG 8.8 | 2020-08-26
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges. The vulnerability is due to insufficient authorization o…
- CVE-2020-3473 | HIGH | CVSS 7.8 | EG 7.8 | 2020-09-04
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is …
- CVE-2020-3485 | MEDIUM | CVSS 6.3 | EG 6.3 | 2020-08-26
A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access resources that they should not be able to…
- CVE-2020-3530 | HIGH | CVSS 8.4 | EG 8.4 | 2020-09-04
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must …