Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-17 | CVE-2023-34215 | Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1/3.2/3.3 TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. | 9.8 |
| 2023-08-17 | CVE-2023-33238 | Command Injection vulnerability in Moxa Tn-4900 Firmware and Tn-5900 Firmware TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. | 9.8 |
| 2023-08-17 | CVE-2023-33239 | Command Injection vulnerability in Moxa Tn-4900 Firmware and Tn-5900 Firmware TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. | 9.8 |
| 2023-08-17 | CVE-2023-34213 | Command Injection vulnerability in Moxa Tn-5900 Firmware 3.1/3.2/3.3 TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. | 9.8 |
| 2023-08-17 | CVE-2023-34214 | Command Injection vulnerability in Moxa Tn-4900 Firmware and Tn-5900 Firmware TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. | 9.8 |
| 2023-08-16 | CVE-2023-20013 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20017 | Command Injection vulnerability in Cisco Intersight Private Virtual Appliance 1.0.9 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. | 9.1 |
| 2023-08-16 | CVE-2023-20237 | Command Injection vulnerability in Cisco Intersight Virtual Appliance A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. | 4.3 |
| 2023-08-16 | CVE-2023-20209 | Command Injection vulnerability in Cisco Telepresence Video Communication Server 14.0/14.0.5/14.0.7 A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 7.2 |
| 2023-08-15 | CVE-2023-38864 | Command Injection vulnerability in Comfast Cf-Xr11 Firmware 2.7.2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | 9.8 |