VARIoT IoT vulnerabilities database
| VAR-201906-1260 | CVE-2019-1628 | Cisco Integrated Management Controller Integer underflow vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checking. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. An exploit could allow the attacker to cause a buffer overflow, resulting in a process crash and DoS condition on the device. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A number error vulnerability exists in the web server in Cisco IMC due to improper bounds checking
| VAR-201906-0546 | CVE-2019-12919 | Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Information disclosure vulnerabilities in devices |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device. Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices contain an information disclosure vulnerability. Information may be obtained. Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and DOG-2W-V4 are smart cameras from China's Shenzhen Cylan Technology. There are security holes in the Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and DOG-2W-V4.
| VAR-201906-0547 | CVE-2019-12920 | Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can log in remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt. Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Shenzhen Cylan Technology Clever Dog Smart Camera DOG-2W and DOG-2W-V4 are smart cameras from China's Shenzhen Cylan Technology.
| VAR-201906-0408 | CVE-2019-6964 | RDK RDKB CcspPandM Module out-of-bounds reading vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules. The RDK RDKB CcspPandM module contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RDK is a set of modular, portable, and customizable open source IoT software solutions for the RDK Management community. CcspPandM is one of the modules used to implement the core configuration and management functions of the device.
A buffer error vulnerability exists in the 'Service_SetParamStringValue' function of the cosa_x_cisco_com_ddns_dml.c file of the CcspPandM module in the RDK RDKB-20181217-1 version. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201906-0407 | CVE-2019-6963 | RDK RDKB CcspPandM Module buffer error vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module. The RDK RDKB CcspPandM module contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RDK is a set of modular, portable, and customizable open source IoT software solutions for the RDK Management community. CcspPandM is one of the modules used to implement the core configuration and management functions of the device.
A buffer error vulnerability exists in the cosa_dhcpv4_dml.c file of the CcspPandM module in the RDK RDKB-20181217-1 version. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201906-0405 | CVE-2019-6961 | RDK RDKB WebUI Module access control vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. The RDK RDKB WebUI module contains an access control vulnerability. Information may be tampered with. RDK Management RDK is a modular, portable, and customizable open source IoT software solution for the RDK Management community.
| VAR-201906-0406 | CVE-2019-6962 | RDK RDKB CcspWifiAgent Command injection vulnerability in module |
CVSS V2: 8.5 CVSS V3: 7.5 Severity: HIGH |
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module. The RDK RDKB CcspWifiAgent module contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RDK is a set of modular, portable, and customizable open source IoT software solutions for the RDK Management community. CcspWifiAgent is one of the modules that support the WiFi function.
The cosa_wifi_apis.c file of the CcspWifiAgent module in the RDK RDKB-20181217-1 version has a security vulnerability. RDK RDKB-20181217-1 CcspWifiAgent module could allow a remote authenticated malicious user to execute arbitrary commands on the system, caused by a flaw in the cosa_wifi_apis.c
| VAR-201906-0576 | CVE-2019-12280 | PC-Doctor Toolbox Vulnerabilities in uncontrolled search path elements |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). PC-Doctor for Windows is prone to an arbitrary code-execution vulnerability.
An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. PC-Doctor Toolbox is a hardware diagnostic and system information monitoring tool developed by PC-Doctor Toolbox in the United States. A security vulnerability exists in PC-Doctor Toolbox versions prior to 7.3. Full Disclosure
I. VULNERABILITY
-------------------------
Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior
to version 7.3 allows local users to gain privileges and conduct DLL
hijacking attacks via a trojan horse DLL located in an unsecured directory
which has been added to the PATH environment variable.
II. CVE REFERENCE
-------------------------
CVE-2019-12280
III. VENDOR
-------------------------
PC-Doctor, Inc.
IV. Affected Products
-------------------------
PC-Doctor Toolbox for Windows
Also re-branded as:
CORSAIR ONE Diagnostics
CORSAIR Diagnostics
Staples EasyTech Diagnostics
Tobii I-Series Diagnostic Tool
Tobii Dynavox Diagnostic Tool
V. TIMELINE
-------------------------
May 03, 2019 Vulnerability reported to PC-Doctor, Inc.
May 04, 2019 Vulnerability confirmed by PC-Doctor, Inc.
May 17, 2019 PC-Doctor, Inc. identified additional attack vectors in third
party dependencies.
June 11, 2019 PC-Doctor Toolbox for Windows 7.3 released to OEM customers
for testing.
June 12, 2019 PC-Doctor Toolbox for Windows 7.3 released to retail
end-users.
June 19, 2019 Disclosure published.
VI. CREDIT
-------------------------
Peleg Hadar from SafeBreach, Inc.
VII. SOLUTION
-------------------------
Upgrade to version 7.3 of PC-Doctor Toolbox (or re-branded products)
| VAR-201906-0232 | CVE-2019-8459 | Check Point Endpoint Security Client Vulnerabilities related to unquoted search paths or elements |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one. Check Point Endpoint Security Client contains vulnerabilities related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201906-0231 | CVE-2019-8458 | Check Point Endpoint Security Client Input validation vulnerability |
CVSS V2: 3.5 CVSS V3: 4.4 Severity: MEDIUM |
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, which under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client contains an input validation vulnerability. Service operation may be interrupted (DoS).
| VAR-201906-0187 | CVE-2019-3735 | Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine. in the United States. The program provides automated, proactive and predictive techniques for troubleshooting and more.
| VAR-201906-0726 | CVE-2017-17944 | Android for ASUS Vivobaby Application validation vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. ASUS Vivobaby for Android is an Android platform-based baby physiological monitor control and management application developed by China Taiwan ASUS Corporation. There is a trust management issue vulnerability in ASUS Vivobaby versions earlier than 1.1.09 based on the Android platform. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
| VAR-201910-0306 | CVE-2019-6471 | ISC BIND 9 Service operation interruption (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. ISC BIND 9 contains a service disruption (DoS) vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition. ISC BIND is a set of open source software developed by ISC Corporation in the United States that implements the DNS protocol. The vulnerability stems from improper handling of concurrent access when concurrently running code needs mutually exclusive access to shared resources. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system.
ISC has confirmed the vulnerability and released software updates.
[slackware-security] bind (SSA:2019-171-01)
New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a denial-of-service security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.8-i586-1_slack14.2.txz: Upgraded.
For more information, see:
https://kb.isc.org/docs/cve-2019-6471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.8-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.8-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.8-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.8-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.8-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.8-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.3-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.3-x86_64-1.txz
MD5 signatures:
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.11.8-i586-1_slack14.2.txz
Then, restart the name server:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
==========================================================================
Ubuntu Security Notice USN-4026-1
June 20, 2019
bind9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
Summary:
Bind could be made to crash if it received specially crafted network
traffic.
Software Description:
- bind9: Internet Domain Name Server
Details:
It was discovered that Bind incorrectly handled certain malformed packets.
A remote attacker could possibly use this issue to cause Bind to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
bind9 1:9.11.5.P1+dfsg-1ubuntu2.5
Ubuntu 18.10:
bind9 1:9.11.4+dfsg-3ubuntu5.4
Ubuntu 18.04 LTS:
bind9 1:9.11.3+dfsg-1ubuntu1.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4026-1
CVE-2019-6471
Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.11.5.P1+dfsg-1ubuntu2.5
https://launchpad.net/ubuntu/+source/bind9/1:9.11.4+dfsg-3ubuntu5.4
https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.8
| VAR-201906-0564 | CVE-2019-1626 | Cisco SD-WAN Solution Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make. Cisco SD-WAN Solution contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco SD-WAN Solution is prone to a remote privilege-escalation vulnerability.
This issue is being tracked by Cisco Bug ID CSCvi69886. CLI is one of those command line interfaces
| VAR-201906-0563 | CVE-2019-1625 | Cisco SD-WAN Solution Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. A successful exploit could allow the attacker to make configuration changes to the system as the root user. Cisco SD-WAN Solution contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco SD-WAN Solution is prone to a local privilege-escalation vulnerability.
This issue is being tracked by Cisco Bug ID CSCvi69756.
Versions prior to Cisco SD-WAN Solution 18.3.6, 18.4.1, and 19.1.0 are vulnerable. CLI is one of those command line interfaces. The following products and versions are affected: Cisco vBond Orchestrator Software; vEdge 100 Series Routers; vEdge 1000 Series Routers; vEdge 2000 Series Routers; vEdge 5000 Series Routers; vEdge Cloud Router Platform; vManage Network Management Software; vSmart Controller Software
| VAR-201906-0570 | CVE-2019-1623 | Cisco Meeting Server Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product. Cisco Meeting Server contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Meeting Server is prone to a local command-injection vulnerability.
This issue is being tracked by Cisco Bug ID CSCvk42093
| VAR-201906-0292 | CVE-2019-1878 | Cisco TelePresence Codec and Collaboration Endpoint In software OS Command injection vulnerability |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. Cisco TelePresence Endpoint is prone to a command-injection vulnerability.
This issue is being tracked by Cisco Bug ID CSCvo28194.
The following Cisco products are vulnerable:
Cisco TelePresence Integrator C Series
Cisco TelePresence EX Series
Cisco TelePresence MX Series
Cisco TelePresence SX Series
Cisco Webex Room Series
Collaboration Endpoint (CE) Software is a set of terminal collaboration software
| VAR-201906-0298 | CVE-2019-1874 | Cisco Prime Service Catalog Software cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCvp02883. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
| VAR-201906-0682 | CVE-2019-1843 | Multiple Cisco Products Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device and cause a DoS condition. The RV215W is a Wireless-N VPN router from Cisco. A denial of service vulnerability exists in the Web-based management interface of Cisco RV110W versions prior to 1.2.2.4, versions prior to RV130W 1.0.3.51, and versions prior to RV215W 1.3.1.4. Cisco RV110W, RV130W, and RV215W Routers are prone to a denial-of-service vulnerability.
This issue is being tracked by Cisco Bug IDs CSCvo21850, CSCvo39082 and CSCvo39087
| VAR-201906-0573 | CVE-2019-1630 | Cisco Integrated Management Controller Buffer error vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient checking of an input buffer. An attacker could exploit this vulnerability by passing a crafted file to the affected system. A successful exploit could inhibit an administrator's ability to access the system.
Successful exploits may allow an attacker to cause denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
This issue is being tracked by Cisco Bug ID CSCvo36079. The software supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. A buffer error vulnerability exists in the firmware signature checker in Cisco IMC