Logo
Hamburger Menu Icon
Yoroi Background

Tag: saguri

CVE Advisory - Partial Disclosure Cisco ISE Multiple Vulnerabilities

Introduction Initially three vulnerabilities were discovered, which are described here: https://yoroi.company/?s=saguri. Further research prompted the discovery of four other vulnerabilities including a Command Injection, which if exploited allows one to gain root access to the system shell.Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable […]

Read More

CVE Advisory - Partial Disclosure Cisco ISE Broken Access Control

Introduction Through the internal project called Saguri, we started with the analysis of the Cisco Identity Service Engine - 3.1.0.518-Patch3-22042809, the Cisco ISE is a useful tool in the management of one's own network and not only, it allows the implementation and application in a dynamic and automated way of security and 'management' policies, simplifying […]

Read More

CVE Advisory - Full Disclosure Multiple Vulnerabilities

Introduction During a security assessment on FusionDirectory version 1.3 two criticalities have been identified.FusionDirectory allows to manage data archived in LDAP directories so, as you might imagine, security problems leading to an exposure of personal and enterprise could have a serious impact on the business. Advisory https://github.com/fusiondirectory/fusiondirectory/commit/cb349516a641e5933a7f0e0dd3df481b21e7455f CVE-2022-36180 - Cross Site Scripting – CWE 79 […]

Read More

CVE Advisory - Partial Disclosure Cisco ISE Cross Site Scripting

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service En-gine (ver. 3.1.0.518-Patch3-22042809).Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have access […]

Read More

CVE Advisory - Partial Disclosure CISCO ISE Path Traversal

Introduction In July 2022 the Yoroi advisory team, in the context of its internal project Saguri, started analysing the Cisco Identity Service Engine (ver. 3.1.0.518-Patch3-22042809). Cisco ISE is a network management tool which allows definition and implementation of security and management policies, which enable precise controls over who can access the network, what they have […]

Read More
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram