Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-27122 Improper Privilege Management vulnerability in Cisco Identity Services Engine
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device.
local
low complexity
cisco CWE-269
6.7
2020-11-02 CVE-2020-28046 Improper Privilege Management vulnerability in PAX Prolinos 2.4.161.8859R
An issue was discovered in ProlinOS through 2.4.161.8859R.
local
low complexity
pax CWE-269
7.8
2020-10-29 CVE-2020-27655 Improper Privilege Management vulnerability in Synology Router Manager
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
network
low complexity
synology CWE-269
critical
10.0
2020-10-29 CVE-2020-27654 Improper Privilege Management vulnerability in Synology Router Manager
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
network
low complexity
synology CWE-269
critical
9.8
2020-10-28 CVE-2020-16262 Improper Privilege Management vulnerability in Winstonprivacy Winston Firmware 1.5.4
Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.
local
low complexity
winstonprivacy CWE-269
7.8
2020-10-26 CVE-2020-7125 Improper Privilege Management vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1
A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
network
low complexity
arubanetworks CWE-269
8.8
2020-10-23 CVE-2020-24848 Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL].
local
low complexity
fruitywifi-project CWE-269
7.8
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
high complexity
elastic CWE-269
3.1
2020-10-19 CVE-2020-9112 Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability.
local
low complexity
huawei CWE-269
7.8
2020-10-15 CVE-2020-7334 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer.
local
low complexity
mcafee CWE-269
8.2