20447 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.
The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-9369 | 多款Moxa Nport产品安全漏洞 — Moxa NPort | 8.4 | - | 2017-02-13 |
| CVE-2017-5144 | Carlo Gavazzi Automation VMU-C EM和VMU-C PV 安全漏洞 — Carlo Gavazzi VMU-C EM and VMU-C PV | 9.8 | - | 2017-02-13 |
| CVE-2017-5163 | Belden Hirschmann GECKO Lite Managed Switch 信息泄露漏洞 — Belden Hirschmann GECKO 2.0.00 and prior | 5.9 | - | 2017-02-13 |
| CVE-2017-3813 | Cisco AnyConnect Secure Mobility Client Software for Windows 授权问题漏洞 — Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.CWE-264 | 7.1 | - | 2017-02-09 |
| CVE-2016-9005 | IBM TS3100和TS3200 Tape库安全漏洞 — System Storage | 9.8 | - | 2017-02-08 |
| CVE-2016-2403 | Sensio Labs Symfony 安全漏洞 — n/a | 9.8 | - | 2017-02-07 |
| CVE-2017-5876 | dotCMS 跨站脚本漏洞 — n/a | 6.1 | - | 2017-02-06 |
| CVE-2017-5877 | dotCMS 跨站脚本漏洞 — n/a | 6.1 | - | 2017-02-06 |
| CVE-2017-5137 | TalariaX SendQuick Entera和Avera设备安全漏洞 — n/a | 7.5 | - | 2017-02-05 |
| CVE-2017-3809 | Cisco Firepower Management Center 安全漏洞 — Cisco Firepower Management Center (FMC) 6.1.0 6.2.0 | - | - | 2017-02-03 |
| CVE-2017-3812 | Cisco Industrial Ethernet 2000 Series Switches 安全漏洞 — Cisco Industrial Ethernet 2000 Switches 15.2(5.4.32i)E2 | 6.8 | - | 2017-02-03 |
| CVE-2017-3814 | Cisco Firepower System Software 安全漏洞 — Cisco Firepower System Software 5.x 6.x | 5.8 | - | 2017-02-03 |
| CVE-2017-3818 | Cisco AsyncOS Software for Cisco Email Security Appliances 安全漏洞 — Cisco AsyncOS 9.7.1-066 | 5.8 | - | 2017-02-03 |
| CVE-2017-3822 | 多款Cisco产品Firepower Threat Defense Software 安全漏洞 — Cisco Firepower Threat Defense Software versions 6.1.x | 5.3 | - | 2017-02-03 |
| CVE-2017-3824 | Cisco cBR-8 Converged Broadband Routers 安全漏洞 — Cisco IOS XE 15.x | 6.8 | - | 2017-02-03 |
| CVE-2016-3023 | IBM Security Access Manager 安全漏洞 — Access Manager | 5.3 | - | 2017-02-01 |
| CVE-2016-9225 | Cisco Adaptive Security Appliance CX Context-Aware Security模块安全漏洞 — all versions of the ASA CX Context-Aware Security moduleCWE-399 | 8.6 | - | 2017-02-01 |
| CVE-2017-3790 | Cisco Expressway Series Software和Cisco TelePresence VCS Software 安全漏洞 — Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerableCWE-399 | 8.6 | - | 2017-02-01 |
| CVE-2017-3791 | Cisco Prime Home 安全漏洞 — Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1CWE-287 | 9.8 | - | 2017-02-01 |
| CVE-2017-3792 | 多款Cisco产品Cisco TelePresence Software 输入验证漏洞 — Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content modeCWE-20 | 9.8 | - | 2017-02-01 |
| CVE-2017-3823 | Cisco WebEx extensions和plugins 安全漏洞 — Cisco WebEx browser extensionsCWE-119 | 9.8 | - | 2017-02-01 |
| CVE-2016-10174 | NETGEAR WNR2000v5路由器缓冲区错误漏洞 — n/a | 9.8 | - | 2017-01-30 |
| CVE-2016-10176 | NETGEAR WNR2000v5路由器安全漏洞 — n/a | 8.8 | - | 2017-01-30 |
| CVE-2016-5528 | Oracle GlassFish Server 安全漏洞 — GlassFish Server | 9.0 | - | 2017-01-27 |
| CVE-2016-5541 | Oracle MySQL Cluster 安全漏洞 — MySQL Cluster | 4.8 | - | 2017-01-27 |
| CVE-2016-5545 | Oracle VM VirtualBox 安全漏洞 — VM VirtualBox | 4.3 | - | 2017-01-27 |
| CVE-2016-5546 | Oracle Java SE,Java SE Embedded和Jrockit 安全漏洞 — Java SE | 7.5 | - | 2017-01-27 |
| CVE-2016-5547 | Oracle Java SE,Java SE Embedded和Jrockit 安全漏洞 — Java SE | 5.3 | - | 2017-01-27 |
| CVE-2016-5548 | Oracle Java SE 和Java SE Embedded 安全漏洞 — Java SE | 6.5 | - | 2017-01-27 |
| CVE-2016-5549 | Oracle Java SE和Java SE Embedded 安全漏洞 — Java SE | 6.5 | - | 2017-01-27 |
Vulnerabilities classified as access:pre-auth represent 20447 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.