Cisco | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Phantom Secrets: Undetected Secrets Expose Major Corporations	Information Disclosure	Mozilla Cisco Git	Yakir Kadkoda Ilay Goldman (@GoldmanIlay)
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM	BIOS Jailbreaking	Cisco	Aaron Thacker (@Thackeraaron)
Multiple vulnerabilities in Cisco Unified Communications Manager version 11.5.1	Insecure Deserialization RCE Local Privilege Escalation	Cisco	Julien Egloff
SMTP Smuggling - Spoofing E-Mails Worldwide	SMTP Smuggling	Microsoft Cisco GMX	Timo Longin (@Timolongin)
Cisco BroadWorks CommPilot Application Software Unauthenticated Server-Side Request Forgery (CVE-2022-20951)	SSRF Security Code Review	Cisco	Smaury (@Smaury92) Andrea Cappa (@Zi0Black) Th3Zer0 (@Th3Zer0)
CVE-2022-20942: It's not old functionality, it's vintage	Information Disclosure	Cisco	Silver Security (@SugarFiendSec)
SSD Advisory – Cisco Secure Manager Appliance jwt_api_impl Hardcoded JWT Secret Elevation of Privilege	Hardcoded Credentials Security Code Review JWT Privilege Escalation	Cisco	-
SSD Advisory – Cisco Secure Manager Appliance remediation_request_utils SQL Injection Remote Code Execution	SQL Injection RCE Security Code Review	Cisco	-
Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length	Layer 2 Networking Vulnerability Ethernet MiTM DoS	Microsoft Cisco	Etienne Champetier / Champtar
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software	RCE OS Command Injection Local Privilege Escalation MiTM	Cisco	Jake Baines (@Junior_Baines)
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling	HTTP Request Smuggling Desync Attack	AWS Amazon Akamai Cisco Verisign Pulse Secure Varnish	James Kettle (@Albinowax)
Advisory: Cisco Small Business RV Series Routers Web Filter Database Update Command Injection Vulnerability	OS Command Injection RCE	Cisco	Quentin Kaiser (@QKaiser)
Bug: Cisco IOS SNMPv3 ACL Issues	Information Disclosure	Cisco	Gerry Gosselin (@GgPixelHealth)
Blinding Snort: Breaking The Modbus OT Preprocessor	Memory Corruption	Cisco	Claroty's Team82 (@Claroty)
Multiple Vulnerabilities in Cisco Expressway	Memory Leak Exposed Administrative Interface STUN TURN	Cisco	Christian Mehlmauer (@Firefart)
Pwning a Cisco RV340 with a 4 bug chain exploit	Local Privilege Escalation OS Command Injection RCE Session Management Issue	Cisco	Liv (@TerminatorLM)
Unauthenticated Remote Code Execution in Cisco Nexus Dashboard Fabric Controller (formerly DCNM)	Insecure Deserialization Local Privilege Escalation RCE	Cisco	Pedro Ribeiro (@Pedrib1337)
Advisory: Cisco RV340 Dual WAN Gigabit VPN Router (RCE over LAN)	RCE Unrestricted File Upload OS Command Injection	Cisco	Quentin Kaiser (@QKaiser)
flashback_connects (Cisco RV340 SSL VPN Unauthenticated Remote Code Execution as root)	Memory Corruption	Cisco	Pedro Ribeiro (@Pedrib1337) Radek Domanski (@RabbitPro)
Weaponizing Middleboxes for TCP Reflected Amplification	DoS	Check Point Cisco F5 Fortinet Juniper Netscout Palo Alto SonicWall Sucuri	Kevin Bock Abdulrahman Alaraj Yair Fax Kyle Hurley Eric Wustrow Dave Levin
Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution	Authentication Bypass OS Command Injection RCE	Cisco	T. Shiomitsu
SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover	RCE SSRF Arbitrary File Write Path Traversal OS Command Injection Local Privilege Escalation	Cisco	Realmode Labs (@RealmodeLabs)
Pentesting Cisco SD-WAN Part 2: Breaking Routers	OS Command Injection Security Code Review	Cisco	Julien Legras (@Julien_Legras) Thomas Etrillard
Pentesting Cisco SD-WAN Part 1: Attacking vManage	Cypher Injection Stored XSS	Cisco	Julien Legras (@Julien_Legras) Thomas Etrillard

Page 1 of 1