When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2017-2332
HIGH
Juniper Networks NorthStar Controller <2.1.0 - Privilege Escalation
CVSS 8.8
CVE-2017-2329
MEDIUM
Juniper NorthStar Controller < 2.1.0 Service Pack 1 - Authenticated Denial of Service via System File Execution
CVSS 6.2
CVE-2017-2319
HIGH
Juniper Networks NorthStar Controller App <2.1.0-SP1 - Info Disclosure
CVSS 8.3
CVE-2017-8078
MEDIUM
TP-Link TL-SG108E Firmware 1.1.2 Build 20141017 Rel.50749 - Unauthenticated Firmware Upgrade via httpupg.cgi
CVSS 5.3
CVE-2017-6617
MEDIUM
Cisco Integrated Management Controller 3.0(1c) - Unauthenticated Session Hijacking via Session Identifier Reuse
CVSS 5.4
CVE-2017-7284
HIGH
Unitrends Enterprise Backup <9.1.2 - Privilege Escalation
CVSS 8.8
CVE-2017-7588
CRITICAL
Brother MFC/DCP/ADS/HL Firmware - Improper Authentication via AuthCookie Exposure
CVSS 9.8
CVE-2017-7450
CRITICAL
AIRTAME HDMI dongle <2.2.0 - Info Disclosure
CVSS 9.8
CVE-2017-2689
HIGH
Siemens RUGGEDCOM ROX I - Authenticated Improper Authorization via Web Interface
CVSS 8.8
CVE-2017-5237
HIGH
Eview EV-07S GPS Tracker - Info Disclosure
CVSS 7.5
CVE-2017-3880
MEDIUM
Cisco WebEx Meetings Server - Auth Bypass
CVSS 6.5
CVE-2017-3867
MEDIUM
Cisco Adaptive Security Appliance Software - Unauthenticated Access Control Bypass via BGP BFD Implementation
CVSS 5.3
CVE-2017-6967
HIGH
xrdp 0.9.1 - Improper Authentication via PAM Session Initialization
CVSS 7.3
CVE-2017-0100
HIGH
Windows HelpPane - Privilege Escalation via DCOM Object
CVSS 7.8
CVE-2017-3854
HIGH
Cisco Wireless LAN Controller - Privilege Escalation
CVSS 8.8
CVE-2017-3831
CRITICAL
Cisco Mobility Express 1800 Series - Auth Bypass
CVSS 9.8
CVE-2017-5619
CRITICAL
Zammad < 1.0.4, 1.1.x < 1.1.3, 1.2.x < 1.2.1 - Improper Authentication via Hashed Password
CVSS 9.8
CVE-2017-6526
CRITICAL
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Remote Code Execution via sysAdmin.cgi
CVSS 9.8
CVE-2017-6549
HIGH
ASUS RT-AC53 and other routers - Session Hijacking via HTTP Header Manipulation
CVSS 8.8
CVE-2017-6104
HIGH
WordPress Plugin Mobile App Native 3.0 - Remote File Upload
CVSS 7.5
CVE-2017-6413
HIGH
mod_auth_openidc < 2.1.6 - Authentication Bypass via OIDC_CLAIM_ and OIDCAuthNHeader Headers
CVSS 8.6
CVE-2017-6062
HIGH
mod_auth_openidc < 2.1.5 - Authentication Bypass via OIDC_CLAIM_ and OIDCAuthNHeader Headers
CVSS 8.6
CVE-2017-6343
HIGH
Dahua NVR 3.210.0001.10, Camera 2.400.0000.28.R, SmartPSS 1.16.1 - Improper Authentication via MD5 Admin Hash
CVSS 8.1
CVE-2017-5152
CRITICAL
Advantech WebAccess <8.1 - Auth Bypass
CVSS 9.1
CVE-2017-2765
CRITICAL
EMC Isilon InsightIQ 3.0.0-4.1.0 - Authentication Bypass
CVSS 9.8
Details
Vulnerabilities: 4,372
Exploit Likelihood: High