VARIoT IoT vulnerabilities database

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Windows for Intel Unite(R) Client Is vulnerable to an improperly assigned permission for critical resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel SSD Data Center Tool (Intel SSD DCT) is a solid state drive management tool developed by Intel Corporation. The product supports configuration of SSDs using PCIe and SATA and detects the status of SSDs

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. The following products and models are affected: Intel Computing Improvement Program versions prior to 2.4.5982

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler There is a vulnerability in improper retention of permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel VTune Profiler is a performance testing tool used by Intel Corporation to optimize software. The software can perform performance tests on embedded applications of the Internet of Things, media software, Java applications, and high-performance computing applications. Intel(R) VTune(TM) Profiler has a security vulnerability in the installer prior to 2021.1.1. The vulnerability stems from insecure inherited permissions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Processor Diagnostic Tool (IPDT) is a processor function diagnostic tool of Intel Corporation

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb has an operating system command injection vulnerability. The following products and versions are affected: FortiWeb: Version 6.3.7 and earlier, Version 6.2.3 and earlier, 6.1.x, 6.0.x, 5.9.x

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1 .2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7 , 1.2.8, 1.2.9, 2.0.0, 2.0.1

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Huawei AnyOffice is an application software of China Huawei (Huawei). A mobile office solution

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SPS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM Contains an unspecified vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. BIG-IP APM has an access control error vulnerability due to improper access restrictions. The following products and versions are affected: BIG-IP APM: 11.6.1, 11.6.1 HF1, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.0 HF1, 12.1.1, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.4, 12.1.4 , 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.6, 13.1.0.8, 13.1.1, 13.1 .1.2, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.3.6 2, 14.1.0, 14.1.0.3.0.79.6 ENG Hotfix, 14.1.0.3.0.97.6 ENG Hotfix, 14.1.0.3.0.99.6 ENG Hotfix, 14.1.0.5.0.15.5 ENG Hotfix, 14.1.0.5.0.36.5 ENG Hotfix, 14.1.0.5.0.40.5 ENG Hotfix, 14.1.0.6, 14.1.0.6.0.11.9 ENG Hotfix, 14.1.0.6.0.14.9 ENG Hotfix, 14.1.0.6.0.68.9 ENG Hotfix, 14.1.0.6.0.70.9 ENG Hotfix, 14.1.1, 14.1. 2, 14.1.2-0.89.37, 14.1.2.0.11

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. Synology DiskStation Manager Is vulnerable to a heap-based buffer overflow. Zero Day Initiative To this vulnerability ZDI-CAN-12326 Was numbered.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Synology DiskStation DS418play is a network device of China Synology Corporation. Provides a storage function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Netatalk: Multiple Vulnerabilities including root remote code execution Date: November 01, 2023 Bugs: #837623, #881259, #915354 ID: 202311-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Netatalk, which could lead to remote code execution Background ========== Netatalk is a kernel level implementation of the AppleTalk Protocol Suite, which allows Unix hosts to act as file, print, and time servers for Apple computers. It includes several script utilities, including etc2ps.sh. Affected packages ================= Package Vulnerable Unaffected --------------- ------------ ------------ net-fs/netatalk < 3.1.18 >= 3.1.18 Description =========== Multiple vulnerabilities have been discovered in Netatalk. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Netatalk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/netatalk-3.1.18" References ========== [ 1 ] CVE-2021-31439 https://nvd.nist.gov/vuln/detail/CVE-2021-31439 [ 2 ] CVE-2022-0194 https://nvd.nist.gov/vuln/detail/CVE-2022-0194 [ 3 ] CVE-2022-22995 https://nvd.nist.gov/vuln/detail/CVE-2022-22995 [ 4 ] CVE-2022-23121 https://nvd.nist.gov/vuln/detail/CVE-2022-23121 [ 5 ] CVE-2022-23122 https://nvd.nist.gov/vuln/detail/CVE-2022-23122 [ 6 ] CVE-2022-23123 https://nvd.nist.gov/vuln/detail/CVE-2022-23123 [ 7 ] CVE-2022-23124 https://nvd.nist.gov/vuln/detail/CVE-2022-23124 [ 8 ] CVE-2022-23125 https://nvd.nist.gov/vuln/detail/CVE-2022-23125 [ 9 ] CVE-2022-45188 https://nvd.nist.gov/vuln/detail/CVE-2022-45188 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202311-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the oldstable distribution (bullseye), these problems have been fixed in version 3.1.12~ds-8+deb11u1. We recommend that you upgrade your netatalk packages. For the detailed security status of netatalk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/netatalk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmULMA8ACgkQEMKTtsN8 TjYw9xAArA2NN4zvH7wC6Itn5ry9kZhQS4BhkCk10WXd0L77k2qzRRTMMw9OBmNn Lk5w3/9oJhqBmtNkLerfBCSMA1aQFQfWOefJnywY/2lYYSS6Uc18Xze78CW4w2O1 /EkK836N6vSVuptjlcvTFGc61XUpbaZJ8CN4ipb2A0tNgp7Ja+Hrz4RgnrS2ppKP gmNuZ5iDcX9N9PohNPTnHc4jQkRscuPN1lsPDrc0OP4E2V7oFm8G7EKexO9BtREq eznaj0Bkcbvddquqz4dnPXOYjkXzoedvGYmI2J5EigIiBMNugL02zExbuhVCmVNl it29LDVAbgNpPgbUi9NRRe9EMXHI+XFgp/xB34jtyq3617SBPLelLBP/e41Bqnua E8C+37uxvIcSgbVibpzhtHkiXTffOpqR3mduXG/VrbuvqO7yzw1sjXrks867wV1Q rQPbX1O99sY+wg69jdyS/QTUQYHkDSGW2Ud+9u7Pv6Bkh/ibXIxHcNiWKaE2LPJi a8mWurmV/r4l325E09jJGxZON4CKiU50+FMKLi8Eo+uXdKDL+dyey9GQBBWQIU0n zg4oJQ/59oGnTib2C52hyZU6xtQbdCceqP2M+4/x75xtCkR5pLcvTnDqRBvnyYBv REbFCz3X46cdxzkbeu/SQWIBLAGXv7yktz8YX8y5Q6h4798FpVY= =jmG2 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6146-1 June 08, 2023 netatalk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in Netatalk. Software Description: - netatalk: Apple Filing Protocol service Details: It was discovered that Netatalk did not properly validate the length of user-supplied data in the DSI structures. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-0194) It was discovered that Netatalk did not properly handle errors when parsing AppleDouble entries. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-43634) It was discovered that Netatalk did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted .appl file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-45188) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: netatalk 3.1.13~ds-2ubuntu0.22.10.1 Ubuntu 22.04 LTS: netatalk 3.1.12~ds-9ubuntu0.22.04.1 Ubuntu 20.04 LTS: netatalk 3.1.12~ds-4ubuntu0.20.04.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): netatalk 2.2.6-1ubuntu0.18.04.2+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): netatalk 2.2.5-1ubuntu0.2+esm1 Ubuntu 14.04 LTS (Available with Ubuntu Pro): netatalk 2.2.2-1ubuntu2.2+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6146-1 CVE-2021-31439, CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-43634, CVE-2022-45188 Package Information: https://launchpad.net/ubuntu/+source/netatalk/3.1.13~ds-2ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.1

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP ASM Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP ASM is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. BIG-IP ASM has an input validation error vulnerability due to insufficient validation of user-supplied input. The following products and versions are affected: BIG-IP ASM: 12.1.0, 12.1.0 HF1, 12.1.1, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2 , 12.1.3.4, 12.1.4, 12.1.5, 12.1.5.1, 12.1.5.2, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.6, 13.1.0.8, 13.1 .1, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.4, 14.1.0, 14.1.0.3.0.79.6 ENG Hotfix, 14.1.0.3.0.97.6 ENG Hotfix, 14.1.0.3 .0.99.6 ENG Hotfix, 14.1.0.5.0.15.5 ENG Hotfix, 14.1.0.5.0.36.5 ENG Hotfix, 14.1.0.5.0.40.5 ENG Hotfix, 14.1.0.6, 14.1.0.6.0.11.9 ENG Hotfix , 14.1.0.6.0.14.9 ENG Hotfix, 14.1.0.6.0.68.9 ENG Hotfix, 14.1.0.6.0.70.9 ENG Hotfix, 14.1.1, 14.1.2, 14.1.2-0.89.37, 14.1.2.0 .11.37 ENG Hotfix, 14.1.2.0.18.37 ENG Hotfix, 14.1.2.0.32.37 ENG Hotfix, 14.1.2.1, 14.1.2.1.0.14.4 ENG Hotfix, 14.1.2.1

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM Contains an authentication vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. An authorization issue vulnerability exists in BIG-IP APM due to an error in processing authentication requests. The following products and versions are affected: BIG-IP APM: 11.5.2, 11.5.3, 11.5.4, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5 .10, 12.1.0, 12.1.0 HF1, 12.1.1, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.4, 12.1.4, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.6, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1. 1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.3.6 2, 14.1.0, 14.1.0.3.0.79.6 ENG Hotfix, 14.1.0.3.0.97 .6 ENG Hotfix, 14.1.0.3.0.99.6 ENG Hotfix, 14.1.0.5.0.15.5 ENG Hotfix, 14.1.0.5.0.36.5 ENG Hotfix, 14.1.0.5.0.40.5 ENG Hotfix, 14.1.0.6, 14.1 .0.6.0.11.9 ENG Hotfix, 14.1.0.6.0.14.9 ENG Hotfix, 14.1.0.6.0.68.9 ENG Hotfix, 14.1.0.6.0.70.9 ENG Hotfix, 14.1.1, 14.1.2, 14.1.2 -0.89.37, 14.1.2.0.11

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. Cisco SD-WAN vManage The software contains a vulnerability related to lack of authentication.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco