Mohammed Adel

#11407of 53,632
24.1Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2025-50974
8.8
2025-12-12
Atcom · Atcom 100M Ip Phones · CVE-2024-58314
**Name of the Vulnerable Software and Affected Versions** Atcom 100M IP Phones versions 2.7.x.x **Description** The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The `cmd` parameter within the 'web cgi main.cgi' script is the point of injection, enabling remote code execution with administrative credentials. **Recommendations** Apply updates to address the issue in versions prior to a fixed version. As a temporary workaround, restrict access to the 'web cgi main.cgi' script to minimize the risk of exploitation. Avoid using the `cmd` parameter in the affected script until the issue is resolved.
PT-2024-5066
10
2024-07-17
Cisco · Cisco Smart Software Manager On-Prem · CVE-2024-20419
Name of the Vulnerable Software and Affected Versions: Cisco Smart Software Manager On-Prem versions 8-202206 and earlier Description: A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user. Recommendations: For Cisco Smart Software Manager On-Prem versions 8-202206 and earlier, update to a version that includes the fix for this vulnerability. As a temporary workaround, consider restricting access to the affected device to minimize the risk of exploitation. Avoid using the vulnerable authentication system until the issue is resolved.
PT-2022-13110
5.3
2022-03-29
Sophos · Sophos Firewall · CVE-2022-0331
**Name of the Vulnerable Software and Affected Versions** Sophos Firewall versions prior to v18.5 MR3 **Description** An information disclosure issue in Webadmin allows an unauthenticated remote attacker to read the device serial number. **Recommendations** For Sophos Firewall versions prior to v18.5 MR3, update to a version newer than v18.5 MR2 to resolve the issue.