VARIoT IoT vulnerabilities database
| VAR-201910-1677 | CVE-2019-12148 | Sangoma Session Border Controller Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to an authentication bypass via an argument injection vulnerability involving special characters in the username field. Upon successful exploitation, a remote unauthenticated user can log in to the device's admin web portal without providing any credentials. This affects /var/webconfig/gui/Webconfig.inc.php. Sangoma Technologies SBC is a Session Border Controller (SBC) from Sangoma Technologies of Canada.
Sangoma Technologies SBC version 2.3.23-119-GA has a parameter injection vulnerability. An attacker can use this vulnerability to bypass authentication, log in as a non-existent user, and obtain full access to the database, including the ability to create authorized users.
| VAR-201910-0706 | CVE-2019-17526 | SageMath Sage Cell Server operating system command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python code injection can occur in the context of an internet-facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed it. For details, see the Current Description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-17526. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).
| VAR-201910-1676 | CVE-2019-12147 | Sangoma Session Border Controller Injection vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201910-0056 |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to log in to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt. Sangoma Technologies SBC is a Session Border Controller (SBC) from Sangoma Technologies of Canada.
A security vulnerability exists in Sangoma Technologies SBC version 2.3.23-119-GA. Attackers can exploit the vulnerability through the application's login interface to create privileged accounts on the system.
| VAR-201910-1211 | CVE-2019-13541 | Horner Automation Cscape Input validation error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. Horner Automation Cscape is a set of programming software from Horner Automation for the development of industrial control systems.
| VAR-201910-0848 | CVE-2019-17668 | Samsung Galaxy S10 and Note10 Vulnerability related to input validation on devices |
CVSS V2: 4.4 CVSS V3: 6.8 Severity: MEDIUM |
Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. The Samsung Galaxy S10 and Note10 devices contain an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The Samsung Galaxy S10 and Samsung Galaxy Note10 are both smartphones of the Korean company Samsung.
There are security holes in the Samsung Galaxy S10 and Samsung Galaxy Note10. An attacker can exploit the vulnerability with an unregistered fingerprint to unlock the phone.
| VAR-201910-0335 | CVE-2019-12611 | Bitdefender BOX Vulnerability related to allocation of resources without restrictions or throttling in firmware |
CVSS V2: 4.9 CVSS V3: 4.4 Severity: MEDIUM |
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. The Bitdefender BOX firmware contains a vulnerability related to resource allocation without restrictions or throttling. Service operation may be disrupted (DoS).
| VAR-201910-0923 | CVE-2019-15066 | HiNet GPON Vulnerability related to input validation in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary commands through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The HiNet GPON firmware contains a vulnerability related to input validation. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731.
| VAR-201910-0922 | CVE-2019-15065 | HiNet GPON Information disclosure vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A service hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L). The HiNet GPON firmware contains an information disclosure vulnerability. Information may be obtained. Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
A security vulnerability exists in Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731.
| VAR-201910-1249 | CVE-2019-15849 | eQ-3 HomeMatic CCU3 Firmware session fixation vulnerability |
CVSS V2: 4.9 CVSS V3: 7.3 Severity: HIGH |
eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system. eQ-3 Homematic CCU3 is a central control unit for a smart home system from the German company eQ-3.
| VAR-201910-0921 | CVE-2019-15064 | HiNet GPON Firmware authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
HiNet GPON firmware version < I040GWR190731 allows an attacker to log in to the device without any authentication. The HiNet GPON firmware contains an authentication vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Chunghwa Telecom HiNet GPON is an optical modem of Chunghwa Telecom, Taiwan.
Chunghwa Telecom HiNet GPON using firmware earlier than I040GWR190731 has a security vulnerability.
| VAR-202001-0753 | CVE-2019-13537 | IEC870IP driver Buffer Overflow Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash. The AVEVA IEC870IP driver contains an out-of-bounds write vulnerability, which may result in a denial of service (DoS). AVEVA Vijeo Citect and AVEVA CitectSCADA are supervisory control and data acquisition (SCADA) software packages; IEC870IP is one of their drivers.
| VAR-201910-1250 | CVE-2019-15850 | eQ-3 HomeMatic CCU3 Vulnerability related to input validation in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. The eQ-3 HomeMatic CCU3 firmware contains a vulnerability related to input validation. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). eQ-3 Homematic CCU3 is a central control unit for a smart home system from the German company eQ-3.
| VAR-201910-0375 | CVE-2019-12637 | Cisco Identity Services Engine Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Cisco ISE monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
| VAR-201910-0376 | CVE-2019-12638 | Cisco Identity Services Engine Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. Cisco ISE monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
| VAR-201910-0342 | CVE-2019-12705 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Cisco Expressway Series is an advanced collaboration gateway for unified communications.
| VAR-201910-0980 | CVE-2019-15266 | Cisco Wireless LAN Controller Software path traversal vulnerability |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to improper sanitization of user-supplied input in command-line parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files that may contain sensitive information.
| VAR-201910-0956 | CVE-2019-15280 | Cisco Firepower Management Center Software cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious code in certain sections of the interface that are visible to other users. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. An attacker would need valid administrator credentials to exploit this vulnerability.
| VAR-201910-0957 | CVE-2019-15281 | Cisco Identity Services Engine Software cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco ISE monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
| VAR-201910-0345 | CVE-2019-12708 | Cisco SPA100 Series Analog Telephone Adapters Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to unsafe handling of user credentials. An attacker could exploit this vulnerability by viewing portions of the web-based management interface of an affected device. A successful exploit could allow the attacker to access administrative credentials and potentially gain elevated privileges by reusing stolen credentials on the affected device.
| VAR-201910-0960 | CVE-2019-15241 | Cisco SPA100 Series Analog Telephone Adapters Buffer error vulnerability |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. The Cisco SPA100 Series is an analog telephone adapter from Cisco that allows a standard analog phone to access Internet phone services through its RJ-11 phone port.
A remote code execution vulnerability exists in the Cisco SPA100 Series with firmware 1.4.1 SR4 and earlier.