VARIoT IoT vulnerabilities database
| VAR-202002-0603 | CVE-2020-1844 | PCManager Vulnerability related to authority management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. PCManager Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei PCManager is a set of computer management software developed by China Huawei (Huawei)
| VAR-202002-1717 | No CVE | (Pwn2Own) Samsung Galaxy S10 IndexedDB Use-After-Free Sandbox Escape Vulnerability |
CVSS V2: - CVSS V3: 8.4 Severity: HIGH |
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the IndexedDBDatabase::Close method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and escape the Chromium sandbox.
| VAR-202002-1716 | No CVE | (Pwn2Own) Samsung Galaxy S10 FileWriter Use-After-Free Sandbox Escape Vulnerability |
CVSS V2: - CVSS V3: 8.4 Severity: HIGH |
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Galaxy S10. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of arrays in FileWriterImpl::Write. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and escape the Chromium sandbox.
| VAR-202002-1367 | CVE-2020-8860 | Samsung Galaxy S10 Firmware device Exynos Out-of-bounds write vulnerabilities in chipsets |
CVSS V2: 5.4 CVSS V3: 8.0 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. Zero Day Initiative To this vulnerability ZDI-CAN-9658 Was numbered.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Samsung Galaxy 10 is a smartphone from Samsung in South Korea.
The Call Control Setup message in Samsung Galaxy 10 has a buffer overflow vulnerability. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-202002-1712 | No CVE | (Pwn2Own) Samsung Galaxy S10 Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 6.3 Severity: MEDIUM |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of arrays in JSCallReducer::ReduceArrayMap. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.
| VAR-202002-1707 | No CVE | Omron Automation (China) Co., Ltd. Omron PLC has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Omron PLC is a compact PLC with complete functions that can provide high value-added machine control for industry-leading distributed control of conveying.
Omron (China) Co., Ltd. Omron PLC has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service.
| VAR-202002-1695 | No CVE | Realtek Semiconductor Co., Ltd. Realtek chip ADSL modem/optical modem serial port has command execution vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Realtek (Realtek) is a supplier of audio and network chips.
Realtek Semiconductor Co., Ltd. Realtek chip ADSL modem/optical modem serial port has a command execution vulnerability. Attackers can use this vulnerability to access the backdoor through any IPv4 address of the modem and directly read and write the serial port.
| VAR-202002-1698 | No CVE | The configuration monitoring system of Beijing Jiekong Technology Co., Ltd. has a code execution vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
FameView configuration software is a high-performance configuration monitoring software independently researched and developed by Beijing Jiekong Company with many years of engineering application and service experience, based on the Windows operating system, and provides economical and complete automation solutions.
The configuration monitoring system of Beijing Jiekong Technology Co., Ltd. has code execution vulnerabilities. Attackers can use the vulnerabilities to construct malicious links to induce users to analyze and execute arbitrary code in the context of the application.
| VAR-202002-1699 | No CVE | Backdoor vulnerability exists in FameView configuration monitoring system of Beijing Jiekong |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
FameView configuration software is a high-performance configuration monitoring software independently researched and developed by Beijing Jiekong Company with many years of engineering application and service experience, based on the Windows operating system, and provides economical and complete automation solutions.
The FameView configuration monitoring system of Beijing Jiekong Company has a backdoor vulnerability. Attackers can use the backdoor password to access the configuration monitoring system on any device of the manufacturer and modify the configuration on the device.
| VAR-202002-1682 | No CVE | Shenzhen Anjubao Electronics Co., Ltd. Marlboze/ Wanbaoze-w30 series cameras have weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Wanbaoze camera software can achieve various hardware alarm effects, allowing you to enjoy a real-time home monitoring experience, so that you can easily understand various situations in the home.
Shenzhen Anjubao Electronics Co., Ltd. Marlboze/ Wanbaoze-w30 series cameras have a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202002-1683 | No CVE | Shenzhen Anjubao Electronics Co., Ltd. Marlboze/ Wanbaoze-w30 series cameras have command execution vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Wanbaoze camera software can achieve various hardware alarm effects, allowing you to enjoy a real-time home monitoring experience, so that you can easily understand various situations in the home.
Shenzhen Anjubao Electronics Co., Ltd. Marlboze/ Wanbaoze-w30 series cameras have a command execution vulnerability. Attackers can use this vulnerability to implement command injection without authorization.
| VAR-202003-1594 | CVE-2020-6972 | Notifier Web Server In Capture-replay Vulnerability related to authentication bypass by |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. NOTI? FIRE? NET Web Server is a web-based HTML server that allows you to remotely access the NOTI? FIRE? NET network via the Internet or an intranet. An attacker could use this vulnerability to bypass authentication through a browser capture-replay attack
| VAR-202009-0517 | CVE-2019-1736 | Cisco UCS C Digital Signature Verification Vulnerability in Series Rack Servers |
CVSS V2: 6.9 CVSS V3: 6.6 Severity: MEDIUM |
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco UCS C A series rack server contains a vulnerability related to digital signature verification.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco UCS C-Series is a C series rack server from Cisco (USA). The following products and versions are affected: Firepower Management Center (FMC) 1000; Firepower Management Center (FMC) 2500; Firepower Management Center (FMC) 4500; Secure Network Server 3500 Series Appliances; Secure Network Server 3600 Series Appliances; Threat Grid 5504 Appliance
| VAR-202009-0362 | CVE-2019-1888 | Cisco Unified Contact Center Express Vulnerability in unlimited upload of dangerous types of files in |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root. (DoS) It may be in a state. Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component in a unified communication solution of Cisco (Cisco). This component supports functions such as self-service voice service, call distribution, and customer access control. A code issue vulnerability exists in Cisco Unified CCX releases prior to 12.5(1) where the program does not adequately restrict what is uploaded to an affected system. I've quoted the Cisco summary below as it's pretty accurate.
tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.
Thanks to Cisco PSIRT who were responsive and professional.
Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a
thing on advisories
| VAR-202009-0513 | CVE-2019-1947 | Cisco Email Security Appliance for Cisco AsyncOS Software input verification vulnerability |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. AsyncOS Software is a set of operating systems running on it
| VAR-202009-0495 | CVE-2019-1983 | Cisco Content Security Management Appliance and Cisco Email Security Appliance Input Validation Error Vulnerability |
CVSS V2: 7.8 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. This device is mainly used to manage all policies, reports, audit information, etc. of email and web security devices. AsyncOS Software is a set of operating systems running on it
| VAR-202002-0710 | CVE-2020-3113 | Cisco Data Center Network Manager Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
| VAR-202002-0705 | CVE-2020-3132 | Cisco Email Security Appliance Resource exhaustion vulnerability in |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur
| VAR-202002-0718 | CVE-2020-3156 | Cisco Identity Services Engine Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
| VAR-202002-0720 | CVE-2020-3159 | Cisco Finesse Cross-site scripting vulnerability in |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco Finesse Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Cisco Finesse is a set of call center management software developed by Cisco