VARIoT IoT vulnerabilities database

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. Cisco Small Business RV320 and RV325 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoSmallBusinessRV320 and RV325 are enterprise routers from Cisco. A command injection vulnerability exists in CiscoSmallBusinessRV320 and RV325 that uses firmware version 1.4.2.15 through 1.4.2.19. This issue is being tracked by Cisco Bug ID CSCvm78058. The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable: Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19. Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. Crafted data in an ARF file can trigger a write past the end of an allocated buffer. These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165. Cisco Webex Business Suite WBS32 sites and so on are the video conferencing solutions of Cisco (Cisco). The following products are affected: Cisco Webex Business Suite WBS32 sites; Webex Business Suite WBS33 sites; Webex Meetings Online; Webex Meetings Server

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. Crafted data in an ARF file can trigger a write past the end of an allocated buffer. These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165. Cisco Webex Business Suite WBS32 sites and so on are the video conferencing solutions of Cisco (Cisco). The following products are affected: Cisco Webex Business Suite WBS32 sites; Webex Business Suite WBS33 sites; Webex Meetings Online; Webex Meetings Server

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition. The system has functions such as equipment management, asset tracking and intelligent metering. There are security holes in the implementation of the UDP protocol in Cisco IoT-FND. This issue is being tracked by Cisco bug ID CSCvj35124

A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user. Cisco vContainer Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in a denial-of-service condition. This issue being tracked by Cisco Bug ID CSCvm25955

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have an Incorrect Access Control vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. PLC Wireless Router GPN2.4P21-C-CN is a wireless router product

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. ChinaMobile PLC Wireless Router GPN2.4P21-C-CN The device firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, adjacent attacker to bypass authentication and have direct unauthorized access to other vSmart containers. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. Cisco SD-WAN Solution Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to an unauthorized-access vulnerability. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvm25940

A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit this vulnerability by sending crafted commands to the CLI of an affected device. A successful exploit could allow the attacker to establish an interactive session with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device. Cisco SD-WAN Solution Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to multiple privilege-escalation vulnerabilities. Cisco vBond Orchestrator Software and others are products of Cisco (Cisco). Cisco vBond Orchestrator Software is a suite of secure network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network expansion solutions running in it. The following products are affected: Cisco vBond Orchestrator Software; vEdge 100 Series Routers; vEdge 1000 Series Routers; vEdge 2000 Series Routers; vEdge 5000 Series Routers; vEdge Cloud Router Platform; vManage Network Management Software; vSmart Controller Software

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco Webex Meetings Server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvn10993. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvn41579. The platform provides functions such as report-related business data and comprehensive display of call center data

A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. Cisco SD-WAN Solution Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN Solution is prone to local privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCvi69985. Versions prior to Cisco SD-WAN Solution 18.4.0 are vulnerable. Cisco vBond Orchestrator Software and others are products of Cisco (Cisco). Cisco vBond Orchestrator Software is a suite of secure network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network expansion solutions running in it. The following products are affected: Cisco vBond Orchestrator Software; vEdge 100 Series Routers; vEdge 1000 Series Routers; vEdge 2000 Series Routers; vEdge 5000 Series Routers; vEdge Cloud Router Platform; vManage Network Management Software; vSmart Controller Software

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. Cisco SD-WAN Solution Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco SD-WAN is prone to an arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. This issue is being tracked by Cisco Bug IDs CSCvi69862. Cisco SD-WAN Solution versions prior to 18.4.0 are vulnerable. Cisco vBond Orchestrator Software and others are products of Cisco (Cisco). Cisco vBond Orchestrator Software is a suite of secure network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a set of network expansion solutions running in it. The following products are affected: Cisco vBond Orchestrator Software; vEdge 100 Series Routers; vEdge 1000 Series Routers; vEdge 2000 Series Routers; vEdge 5000 Series Routers; vEdge Cloud Router Platform; vManage Network Management Software; vSmart Controller Software

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This issue is being tracked by Cisco Bug ID CSCvk30983

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165. Cisco Webex Business Suite WBS32 sites and so on are the video conferencing solutions of Cisco (Cisco). The following products are affected: Cisco Webex Business Suite WBS32 sites; Webex Business Suite WBS33 sites; Webex Meetings Online; Webex Meetings Server

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165. Cisco Webex Business Suite WBS32 sites and so on are the video conferencing solutions of Cisco (Cisco). The following products are affected: Cisco Webex Business Suite WBS32 sites; Webex Business Suite WBS33 sites; Webex Meetings Online; Webex Meetings Server

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or email attachment and persuading the user to open the file with the affected software. Successful exploitation could allow the attacker to execute arbitrary code on the affected system. These issues are being tracked by Cisco Bug IDs CSCvm65148, CSCvm65207, CSCvm65741, CSCvm65747, CSCvm65794, CSCvm65798, CSCvm86137, CSCvm86143, CSCvm86148, CSCvm86157, CSCvm86160, and CSCvm86165. Cisco Webex Business Suite WBS32 sites and so on are the video conferencing solutions of Cisco (Cisco). The following products are affected: Cisco Webex Business Suite WBS32 sites; Webex Business Suite WBS33 sites; Webex Meetings Online; Webex Meetings Server

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account. Cisco Identity Services Engine is prone to a privilege-escalation vulnerability. This issue is being tracked by Cisco Bug ID CSCvi44041. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco Prime Infrastructure Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvm81867

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvm62862. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies