Critical Linux Kernel Bug Allows Remote Takeover

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.

This advisory contains mitigations for Cross-site Request Forgery, OS Command Injection, Classic Buffer Overflow, Command Injection, Path Traversal, and Missing Encryption of Sensitive Data vulnerabilities in the Siemens SCALANCE software management platform.

The CTM-200 and CTM-ONE are vulnerable to hard-coded credentials within their Linux distribution image. This weakness can lead to the exposure of resources or functionality to unintended actors, providing attackers with sensitive information including executing arbitrary code.

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.