Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-12213 | Improper Authentication vulnerability in Cisco IOS XE A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. | 4.3 |
| 2017-09-07 | CVE-2017-14147 | Improper Authentication vulnerability in Fiberhome Adsl An1020-25 Firmware An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. | 9.8 |
| 2017-09-07 | CVE-2015-3442 | Improper Authentication vulnerability in Soreco Xpert.Line 3.0 Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | 9.8 |
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 5.9 |
| 2017-09-01 | CVE-2015-7746 | Improper Authentication vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 9.8 |
| 2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 8.1 |
| 2017-08-30 | CVE-2017-12698 | Improper Authentication vulnerability in Advantech Webaccess An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 9.8 |
| 2017-08-28 | CVE-2015-8332 | Improper Authentication vulnerability in Huawei Vcm5010 Firmware and Vcm5020 Firmware Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | 8.8 |
| 2017-08-28 | CVE-2015-1401 | Improper Authentication vulnerability in Ldap / SSO Authentication Project Ldap / SSO Authentication 2.0.0 Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | 9.8 |
| 2017-08-25 | CVE-2017-7934 | Improper Authentication vulnerability in Osisoft PI Data Archive An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. | 5.9 |