Skip to main content

CWE-1244

Internal Asset Exposed to Unsafe Debug Access Level or State

10 CVEs Avg CVSS 6.2 MITRE
0
CRITICAL
3
HIGH
7
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-67862 MEDIUM This Month

Fortinet FortiOS and FortiProxy expose an internal debug interface (CWE-1244) that allows authenticated administrators to execute arbitrary Lua scripts through crafted CLI commands, exceeding their intended administrative scope. The vulnerability spans broad version ranges of both products, including FortiOS 6.4 through 7.6.2 and FortiProxy 7.0 through 7.6.3. While exploitation requires existing high-privilege (admin) access - limiting opportunistic attack surface - the CVSS temporal vector (E:P) confirms a proof-of-concept exploit exists, and the official fix is available (RL:O). No public exploit identified at time of analysis beyond the proof-of-concept, and this vulnerability is not listed in CISA KEV.

Fortinet Information Disclosure Fortios Fortiproxy
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-29642 HIGH This Week

Privileged CSR manipulation in XiangShan RISC-V processor core (commit aecf601e80, 2024-11-19) allows local attackers with M-mode access to corrupt processor status registers by exploiting improper handling of WPRI (Write Preserve, Read Ignore) fields in menvcfg operations. Carefully crafted csrrs instructions targeting menvcfg unexpectedly set reserved bits in xstatus to 1, violating RISC-V specification requirements that WPRI fields remain unchanged during CSR operations. Upstream fix committed (5e3dd63) but released version not confirmed. EPSS score 5th percentile indicates low real-world exploitation probability despite theoretical high impact, with no active exploitation or public POC identified.

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23337 MEDIUM This Month

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-23302 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23301 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20238 MEDIUM This Month

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-23252 MEDIUM This Month

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

Information Disclosure Nvdebug
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2024-0114 HIGH This Week

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2022-32259 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-5372 HIGH This Week

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Powerstore 1000 Firmware Emc Powerstore 3000 Firmware Emc Powerstore 5000 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.9%
EPSS 0% CVSS 6.7
MEDIUM This Month

Fortinet FortiOS and FortiProxy expose an internal debug interface (CWE-1244) that allows authenticated administrators to execute arbitrary Lua scripts through crafted CLI commands, exceeding their intended administrative scope. The vulnerability spans broad version ranges of both products, including FortiOS 6.4 through 7.6.2 and FortiProxy 7.0 through 7.6.3. While exploitation requires existing high-privilege (admin) access - limiting opportunistic attack surface - the CVSS temporal vector (E:P) confirms a proof-of-concept exploit exists, and the official fix is available (RL:O). No public exploit identified at time of analysis beyond the proof-of-concept, and this vulnerability is not listed in CISA KEV.

Fortinet Information Disclosure Fortios +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privileged CSR manipulation in XiangShan RISC-V processor core (commit aecf601e80, 2024-11-19) allows local attackers with M-mode access to corrupt processor status registers by exploiting improper handling of WPRI (Write Preserve, Read Ignore) fields in menvcfg operations. Carefully crafted csrrs instructions targeting menvcfg unexpectedly set reserved bits in xstatus to 1, violating RISC-V specification requirements that WPRI fields remain unchanged during CSR operations. Upstream fix committed (5e3dd63) but released version not confirmed. EPSS score 5th percentile indicates low real-world exploitation probability despite theoretical high impact, with no active exploitation or public POC identified.

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Nvidia +1
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

Information Disclosure Nvdebug
NVD
EPSS 0% CVSS 8.1
HIGH This Week

NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an. Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure RCE +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Emc Powerstore 1000 Firmware +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy