{"vulnerability": "CVE-2024-2051", "sightings": [{"uuid": "26cf9f1d-968f-468b-865d-f868cce28c97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20514", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.100987Z"}, {"uuid": "a3d62e15-7c3a-44d0-93f6-ae78b0df3e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20511", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.109448Z"}, {"uuid": "bdd0404b-b16d-4631-b165-c29c263a69d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20514", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.558055Z"}, {"uuid": "1ebfaee9-d659-49ad-b2d9-e7712618aea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20511", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.567732Z"}, {"uuid": "4a1553b5-bd6b-4c81-a449-7892c8218076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20514", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.831846Z"}, {"uuid": "f4f5e34a-ae4d-4d85-88e4-8f319da55b48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20511", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113442108664352339", "content": "", "creation_timestamp": "2024-11-07T14:20:08.838768Z"}, {"uuid": "6647d671-0efa-463d-a597-85f0eb83c2cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20512", "type": "seen", "source": "https://t.me/cvedetector/8106", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20512 - Cisco Unified Contact Center Management Portal Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20512 \nPublished : Oct. 16, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.  \n  \nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-16T19:44:21.000000Z"}, {"uuid": "07992011-0a22-4c86-9fd6-146a9679a245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20514", "type": "seen", "source": "https://t.me/cvedetector/10032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20514 - Cisco EPNM/Prime Infrastructure Stored XSS Attack\", \n  \"Content\": \"CVE ID : CVE-2024-20514 \nPublished : Nov. 6, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.  \n  \nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T19:10:57.000000Z"}, {"uuid": "059a0908-f15f-43df-b39a-84756455a344", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20511", "type": "seen", "source": "https://t.me/cvedetector/10031", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20511 - Cisco Unified Communications Manager/Cisco Unified Communications Manager Session Management Edition Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-20511 \nPublished : Nov. 6, 2024, 5:15 p.m. | 36\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.  \n  \nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-06T19:10:56.000000Z"}, {"uuid": "0fb96b32-3d7e-49a9-8224-220c1d42cc0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20510", "type": "seen", "source": "https://t.me/cvedetector/6337", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20510 - Cisco Wireless Controllers CWA ACL Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20510 \nPublished : Sept. 25, 2024, 5:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list (ACL), which could allow access to network resources before user authentication.  \n  \n This vulnerability is due to a logic error when activating the pre-authentication ACL that is received from the authentication, authorization, and accounting (AAA) server. An attacker could exploit this vulnerability by connecting to a wireless network that is configured for CWA and sending traffic through an affected device that should be denied by the configured ACL before user authentication. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device before the user authentication is completed, allowing the attacker to access trusted networks that the device might be protecting. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-25T20:13:03.000000Z"}, {"uuid": "d57b7aaa-2472-4ebd-9b5f-1bc7040a8a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2051", "type": "seen", "source": "https://t.me/ctinow/210779", "content": "https://ift.tt/LId2ti3\nCVE-2024-2051", "creation_timestamp": "2024-03-18T17:32:13.000000Z"}, {"uuid": "537bdfe1-a6fe-4dc5-9d13-efe16aa45710", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20515", "type": "seen", "source": "https://t.me/cvedetector/6857", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20515 - Cisco Identity Services Engine (ISE) Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20515 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.  \n  \nThis vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:45.000000Z"}, {"uuid": "0411c274-8e17-4767-9280-bbdf36d9074b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20513", "type": "seen", "source": "https://t.me/cvedetector/6865", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20513 - Cisco Meraki AnyConnect SSL VPN DoS\", \n  \"Content\": \"CVE ID : CVE-2024-20513 \nPublished : Oct. 2, 2024, 7:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device.  \n  \nThis vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. An unauthenticated attacker could exploit this vulnerability by brute forcing valid session handlers. An authenticated attacker could exploit this vulnerability by connecting to the AnyConnect VPN service of an affected device to retrieve a valid session handler and, based on that handler, predict further valid session handlers. The attacker would then send a crafted HTTPS request using the brute-forced or predicted session handler to the AnyConnect VPN server of the device. A successful exploit could allow the attacker to terminate targeted SSL VPN sessions, forcing remote users to initiate new VPN connections and reauthenticate. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T22:13:11.000000Z"}, {"uuid": "7b032187-9c7a-4f63-9727-78f02581024a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20519", "type": "seen", "source": "https://t.me/cvedetector/6853", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20519 - \"Cisco Small Business Router CSRF/Missing Input Validation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20519 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.  \n\u00a0  \nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:42.000000Z"}, {"uuid": "3c7097d3-7fd0-416b-926a-d6eb835bc41f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20518", "type": "seen", "source": "https://t.me/cvedetector/6852", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20518 - Cisco Small Business RV042/RV042G/RV320/RV325 Router Authenticated Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20518 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.  \n\u00a0  \nThis vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:38.000000Z"}, {"uuid": "72affff0-a559-4529-92ef-0572e734a20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20517", "type": "seen", "source": "https://t.me/cvedetector/6851", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20517 - \"Cisco Small Business Router HTTP DoS\"\", \n  \"Content\": \"CVE ID : CVE-2024-20517 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.  \n\u00a0  \nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:37.000000Z"}, {"uuid": "463a9f2d-16f5-4dd7-bd36-f9181444681b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20516", "type": "seen", "source": "https://t.me/cvedetector/6850", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20516 - Cisco Small Business RV Router HTTP Request Dos\", \n  \"Content\": \"CVE ID : CVE-2024-20516 \nPublished : Oct. 2, 2024, 5:15 p.m. | 23\u00a0minutes ago \nDescription : A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.  \n\u00a0  \nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-02T19:42:36.000000Z"}, {"uuid": "cad5ae62-8477-4cd7-871a-7459085e8e0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2051", "type": "seen", "source": "https://t.me/ctinow/210765", "content": "https://ift.tt/LId2ti3\nCVE-2024-2051", "creation_timestamp": "2024-03-18T17:27:05.000000Z"}]}