VARIoT IoT vulnerabilities database

A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. This issue being tracked by Cisco Bug ID CSCvk66471. Cisco Aironet 1540 Series APs are all products of Cisco (Cisco). There are misconfiguration vulnerabilities in the CLI of many Cisco products, which originate from unreasonable file configurations and parameter configurations during the use of network systems or components. The following products are affected: Cisco Aironet 1540 Series APs; Aironet 1560 Series APs; Aironet 1800 Series APs; Aironet 2800 Series APs; Aironet 3800 Series APs

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by inserting specific character strings in the message. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug IDs CSCvo01349 and CSCvo78686

A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected. Cisco Prime Network Registrar Contains an initialization vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvn20662. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM)

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI commands. An attacker could exploit this vulnerability by accessing the CLI of an affected AP with administrator privileges and issuing crafted commands that result in directory traversal. A successful exploit could allow the attacker to view system files on the affected device, which could contain sensitive information. Software versions 8.8 and 8.9 are affected. This issue is being tracked by Cisco Bug ID's CSCvk79392. The following products are vulnerable: Aironet 1540 Series APs Aironet 1560 Series APs Aironet 1800 Series APs Aironet 2800 Series APs Aironet 3800 Series APs. The vulnerability stems from the failure of network systems or products to properly filter resources or special elements in file paths

A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco ISE software version 2.1 is affected. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvo10441. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by sending an email with a malicious payload to another user. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This vulnerability affects software versions 5.3.4.x. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn65870. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support

A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn47520

A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected. Attackers can exploit this issue to cause denial of service conditions. This issue is being tracked by Cisco Bug ID CSCvo08315. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be allowed for a specific subset of local management CLI commands. The vulnerability is due to lack of proper input validation of user input for local management CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted form of a limited subset of local management CLI commands. An exploit could allow the attacker to overwrite an arbitrary files on disk or inject CLI command parameters that should have been disabled. This vulnerability is fixed in software version 4.0(2a) and later. Cisco UCS B series Blade Server Contains an input validation vulnerability.Information may be tampered with. Cisco UCS B-Series Blade Servers are prone to an arbitrary file-creation vulnerability. This may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCvm86205 and CSCvn00552. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a specifically crafted XML payload. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition until the system is manually rebooted. Software versions prior to X12.5.1 are affected. This issue is being tracked by Cisco Bug IDCSCvn99036. The Cisco Expressway Series is an advanced collaboration gateway for unified communications. The vulnerability is caused by the network system or product not properly validating the input data

A vulnerability in the administrative GUI configuration feature of Cisco Wireless LAN Controller (WLC) Software could allow an aUTHENTICated, remote attacker to cause the device to reload unexpectedly during device configuration when the administrator is using this GUI, causing a denial of service (DoS) condition on an affected device. The attacker would need to have valid administrator credentials on the device. This vulnerability is due to incomplete input validation for unexpected configuration options that the attacker could submit while accessing the GUI configuration menus. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted user input when using the administrative GUI configuration feature. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Software versions prior to 8.3.150.0, 8.5.140.0, 8.8.111.0 are affected by this vulnerability. Cisco Wireless LAN Controller (WLC) The software contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Wireless LAN Controller is prone to multiple denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCvb35683, CSCvd64417, CSCve58704, CSCve68131, CSCve82306, CSCve88013, CSCve90361, CSCve90365, CSCve91536, CSCve91601, CSCve92619, CSCve93039, CSCve93215, CSCve93547, CSCve94030, CSCve94052, CSCve94683, CSCve94821, CSCve94942, CSCve95046, CSCve95104, CSCve95848, CSCve95866, CSCve95898, CSCve95987, CSCve96534, CSCve96615, CSCve96858, CSCve96879, CSCve97734, CSCve97771, CSCve98357, CSCve98393, CSCve98434, CSCve99020, CSCve99072, CSCve99212, CSCve99744, CSCvf01690, CSCvf02412, CSCvf06525, CSCvf08015, CSCvf15789, CSCvf16237, CSCvf16322, CSCvf16358, CSCvf20684, CSCvf27133, CSCvf27342, CSCvf42722, CSCvf47085, CSCvf47220, CSCvf47430, CSCvf47934, CSCvf54469, CSCvf57639, CSCvf58849, CSCvf59210, CSCvf59796, and CSCvf59799. Cisco WLC Software releases prior to 8.3.150.0, releases prior to 8.5.140.0, and releases prior to 8.8.111.0 have an input validation error vulnerability in the management GUI configuration function, which is caused by the network system or product not properly validating the entered data

A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on the device with the privileges of the user, including modifying the device configuration. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an interface user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the user. Software versions prior to 8.3.150.0, 8.5.135.0, and 8.8.100.0 are affected. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvj06910

A vulnerability in the session identification management functionality of the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not properly clear previously assigned session identifiers for a user session when a user authenticates to the web-based interface. An attacker could exploit this vulnerability by using an existing session identifier to connect to the software through the web-based interface. Successful exploitation could allow the attacker to hijack an authenticated user's browser session on the system. Versions 8.1 and 8.5 are affected. Cisco Wireless LAN Controller (WLC) There is an authentication vulnerability in the software.Information may be tampered with. This issue is being tracked by Cisco bug ID CSCvi25569. The vulnerability is caused by the lack of authentication measures or insufficient authentication strength in the network system or product

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user to access a report containing malicious content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions 6.2.3, 6.3.0, and 6.4.0 are affected. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn99712

A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit this vulnerability by placing a binary of their choosing earlier in the search path utilized by Cisco Directory Connector to locate and load required resources. A local attacker can leverage this issue to execute arbitrary code with administrative system privileges. The program includes dashboard, Lightweight Directory Access Protocol (LDAP) filtering, user attribute mapping, and event viewer capabilities

A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0). This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvk79421

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected. Cisco Wireless LAN Controller is prone to multiple denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCvh91032, CSCvh96364, and CSCvi89027. There is a resource management error vulnerability in the processing of IAPP messages in Cisco WLC Software, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected. Cisco Wireless LAN Controller is prone to multiple denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCvh91032, CSCvh96364, and CSCvi89027. There is a resource management error vulnerability in the processing of IAPP messages in Cisco WLC Software, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exist because the software improperly validates input on fields within IAPP messages. An attacker could exploit the vulnerability by sending malicious IAPP messages to an affected device. A successful exploit could allow the attacker to cause the Cisco WLC Software to reload, resulting in a DoS condition. Software versions prior to 8.2.170.0, 8.5.150.0, and 8.8.100.0 are affected. Cisco Wireless LAN Controller is prone to multiple denial-of-service vulnerabilities. These issues are being tracked by Cisco Bug IDs CSCvh91032, CSCvh96364, and CSCvi89027. There is a resource management error vulnerability in the processing of IAPP messages in Cisco WLC Software, which originates from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products

A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The vulnerability is due to incorrect processing of the ACL applied to an interface of an affected device when Cisco Express Forwarding load balancing using the 3-tuple hash algorithm is enabled. An attacker could exploit this vulnerability by sending traffic through an affected device that should otherwise be denied by the configured ACL. An exploit could allow the attacker to bypass protection offered by a configured ACL on the affected device. There are workarounds that address this vulnerability. Affected Cisco IOS XR versions are: Cisco IOS XR Software Release 5.1.1 and later till first fixed. First Fixed Releases: 6.5.2 and later, 6.6.1 and later. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm01102. The vulnerability is caused by the network system or product not properly restricting resource access from unauthorized roles