VARIoT IoT vulnerabilities database


VAR-201905-0579 CVE-2019-1682 Cisco Application Policy Infrastructure Controller Vulnerability related to authorization, authority, and access control in software
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. This issue is being tracked by Cisco Bug ID CSCvn09779. The FUSE file system functionality in Cisco APIC versions prior to 4.1(1i) is vulnerable to permission and access control issues. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
VAR-201905-1320 CVE-2019-1586 Cisco Application Policy Infrastructure Controller Software key management error vulnerability
CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, local attacker with physical access to obtain sensitive information from an affected device. The vulnerability is due to insecure removal of cleartext encryption keys stored on local partitions in the hard drive of an affected device. An attacker could exploit this vulnerability by retrieving data from the physical disk on the affected partition(s). A successful exploit could allow the attacker to retrieve encryption keys, possibly allowing the attacker to further decrypt other data and sensitive information on the device, which could lead to the disclosure of confidential information. This issue is being tracked by Cisco bug ID CSCvn09800. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
VAR-201905-0608 CVE-2019-1587 Cisco Nexus 9000 Series Fabric Switch Resource management vulnerability
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. Cisco Nexus 9000 Series Fabric Switch contains a resource management vulnerability. Information may be obtained. This issue is being tracked by Cisco Bug ID CSCvn09825. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
VAR-201905-0607 CVE-2019-1592 Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Vulnerability related to authorization, authority, and access control in software
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. Cisco Nexus 9000 Series Fabric Switches are prone to a local privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCvm64104. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
VAR-201905-0765 CVE-2018-15462 Cisco Firepower Threat Defense Software resource management vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient ingress TCP rate limiting for TCP ports 22 (SSH) and 443 (HTTPS). An attacker could exploit this vulnerability by sending a crafted, steady stream of TCP traffic to port 22 or 443 on the data interfaces that are configured with management access to the affected device. Cisco Firepower Threat Defense (FTD) Software contains a resource management vulnerability. The device may be put into a denial-of-service (DoS) state. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to an increase in CPU and memory usage. This issue is being tracked by Cisco Bug ID CSCvf95761, CSCvg76064, CSCvk35736, CSCvn51149
VAR-201905-0584 CVE-2019-1695 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software access control vulnerability
CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. Multiple Cisco Products are prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug CSCvm75358. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
VAR-201905-0585 CVE-2019-1696 Cisco Firepower Threat Defense Software depletion vulnerability
CVSS V2: 3.3
CVSS V3: 7.4
Severity: HIGH
Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Firepower Threat Defense (FTD) Software is vulnerable to resource exhaustion. The device may be put into a denial-of-service (DoS) state. Exploiting these issues allows remote attackers to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvj83264, CSCvj91418. Cisco Firepower 4100 Series and the other affected devices are all Cisco products. Cisco Firepower 4100 Series is a 4100 series firewall device. Cisco 3000 Series Industrial Security Appliances is a 3000 series firewall appliance. Cisco ASA 5500-X Series Firewalls is a 5500-X series firewall appliance. FTD Software is unified software that provides next-generation firewall services. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances (ISAs); Adaptive Security Appliance (ASA) 5500-X Series Firewalls; ASA 5500-X Series with FirePOWER Services; Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances; AMP for Networks for FirePOWER 8000 Series Appliances; Firepower 2100 Series; Firepower 4100 Series; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Security Appliances;
VAR-201905-0587 CVE-2019-1693 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software resource management vulnerability
CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. This issue is being tracked by Cisco Bug ID CSCvn77957. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
VAR-201905-0526 CVE-2019-1803 Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Vulnerability related to authorization, authority, and access control in software
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid administrator credentials for the device. Cisco Nexus 9000 Series Fabric Switches are prone to a local privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCvo72253. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
VAR-201905-0530 CVE-2019-1807 Cisco Umbrella Dashboard Session fixation vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the user's credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user's browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required. Cisco Umbrella Dashboard contains a session fixation vulnerability. Information may be obtained or altered, and the service may be put into a denial-of-service (DoS) state. This issue is being tracked by Cisco bug ID CSCvo03940. The platform protects against cyber threats such as phishing, malware, and ransomware. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products
VAR-201905-1314 CVE-2019-1804 Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Cryptographic vulnerabilities in software
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. Cisco Nexus 9000 Series Fabric Switches are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo80686. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
VAR-201905-0244 CVE-2019-1713 Cisco Adaptive Security Appliance Software cross-site request forgery vulnerability
CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvj34599. Cisco Adaptive Security Appliances Software (ASA Software) is a firewall and network security platform from Cisco. The platform provides features such as highly secure access to data and network resources. The vulnerability stems from the web application not adequately verifying that the request is from a trusted user
VAR-201905-0591 CVE-2019-1844 Cisco Email Security Appliance Input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in certain attachment detection mechanisms of the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected device. The vulnerability is due to improper detection of certain content sent to an affected device. An attacker could exploit this vulnerability by sending certain file types without Content-Disposition information to an affected device. A successful exploit could allow an attacker to send messages that contain malicious content to users. Cisco Email Security Appliance (ESA) contains an input validation vulnerability. Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm36810. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-201905-0588 CVE-2019-1694 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software resource management vulnerability
CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. Attackers can exploit this issue to cause a reload of the affected devices, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvn78174. The vulnerability stems from the failure of the network system or product to properly validate the input data. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances; ASA 5500-X Series Firewalls; ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers; Adaptive Security Virtual Appliance; 9300 Security Appliance; FTD Virtual (FTDv)
VAR-201905-0503 CVE-2019-1635 Cisco IP Phone 7800 and 8800 Series error handling vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Multiple Cisco Products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug IDs CSCvm39405, CSCvo19825, CSCvo21348, and CSCvo23532. This issue affects the following Cisco products if they are running a SIP Software release prior to the first fixed release: IP Conference Phone 7832, IP Conference Phone 8832, IP Phone 7811, IP Phone 7821, IP Phone 7841, IP Phone 7861, IP Phone 8811, IP Phone 8841, IP Phone 8845, IP Phone 8851, IP Phone 8861, IP Phone 8865, Unified IP 8831 Conference Phone, Unified IP 8831 Conference Phone for Third-Party Call Control, Wireless IP Phone 8821, and Wireless IP Phone 8821-EX. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
VAR-201905-0600 CVE-2019-1859 Cisco Small Business Switches Authorization vulnerabilities in software
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. Cisco Small Business Switches software contains an authorization vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. This issue is being tracked by Cisco bugs CSCvo28588, CSCvp35704
VAR-201905-0604 CVE-2019-1852 Cisco Prime Network Registrar Vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvo74414. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM)
VAR-201905-1064 CVE-2019-10952 Multiple CompactLogix products buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. CompactLogix, Compact GuardLogix, and Armor Compact GuardLogix contain a buffer error vulnerability. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Rockwell Automation ControlLogix is prone to multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition
VAR-201905-1323 CVE-2019-10954 Multiple Rockwell Automation products buffer error vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. Multiple Rockwell Automation products contain a buffer error vulnerability. The device may be put into a denial-of-service (DoS) state. Rockwell Automation ControlLogix is prone to multiple buffer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition
VAR-201905-0120 CVE-2019-6562 Philips Tasy EMR Vulnerable to cross-site scripting
CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Philips Tasy EMR contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Philips Tasy EMR version 3.02.1744 and prior are vulnerable. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code