VARIoT IoT vulnerabilities database

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. A remote attacker could exploit this vulnerability to inject malicious content

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. BIG-IP LTM Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. F5 BIG-IP LTM is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following versions of F5 BIG-IP LTM are vulnerable: 13.0.0 through 13.0.1 , 12.1.0 through 12.1.3, and 11.5.1 through 11.6.3. F5 BIG-IP LTM is a local traffic manager of F5 company in the United States

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================= Ubuntu Security Notice USN-4587-1 October 20, 2020 italc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: italc-client 1:2.0.2+dfsg1-4ubuntu0.1 italc-master 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore 1:2.0.2+dfsg1-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================== Ubuntu Security Notice USN-4547-1 September 28, 2020 italc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: italc-client 1:3.0.3+dfsg1-3ubuntu0.1 italc-master 1:3.0.3+dfsg1-3ubuntu0.1 libitalccore 1:3.0.3+dfsg1-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4547-1 CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

ARM Trusted Firmware-A allows information disclosure. The product implements various Arm interface standards such as PSCI, SMC calling convention, SCMI and SDEI. An attacker could exploit this vulnerability to disclose information

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. Comodo UTM Firewall Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Comodo UTM Firewall is a UTM firewall developed by American Comodo Group. The product includes features such as antispam, content filtering, Web filtering and antivirus. Web Console is one of the web-based management console programs

AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. AirTies Air5341 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AirTies Air5341 is a wireless modem from Airties, Turkey. A cross-site request forgery vulnerability exists in AirTies Air5341 version 1.0.0.12. A remote attacker could exploit this vulnerability to perform unauthorized operations

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6.0-11.6.3.2, a reflected Cross Site Scripting (XSS) vulnerability is present in an undisclosed page of the BIG-IP TMUI (Traffic Management User Interface) also known as the BIG-IP configuration utility. plural F5 BIG-IP Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. F5 BIG-IP TMUI is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Traffic Management User Interface (TMUI) is one of the user management interfaces. A remote attacker can exploit this vulnerability to execute JavaScript code. The following products and versions are affected: F5 BIG-IP LTM Version 14.0.0, Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP AAM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP AFM 14.0.0, 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP Analytics Version 14.0.0, Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1 .3, 11.6.0 to 11.6.3; BIG-IP APM 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6. 3 versions; BIG-IP ASM version 14.0.0, 13.0.0 to 13.1.1, 12.1.0 to 12.1.3, 11.6.0 to 11.6.3; BIG-IP DNS 14.0.0 , Version 13.0.0 to Version 13.1.1, Version 12.1.0 to Version 12.1.3, Version 11.6.0 to Version 11.6.3; BIG-IP Edge Gateway Version 14.0.0, Version 13.0.0 to Version 13.1.1 , version 12.1.0 to version 12.1.3, version 11.6.0 to version 11.6.3; BIG-IP FPS version 14.0.0, version 13.0.0 to 13.1

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication. plural Mitsubishi Electric Q Series products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. Mitsubishi Electric MELSEC-Q Series PLCs are prone to an remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Misubishi Electric Q03UDVCPU, etc. are all PLC (programmable logic controller) products of Japan's Mitsubishi Electric (Misubishi Electric) company. Security flaws exist in several Misubishi products. A remote attacker could exploit this vulnerability by sending a specially crafted packet to cause Ethernet to stop communicating. The following products are affected: Misubishi Q03UDVCPU; Q04UDVCPU; Q06UDVCPU; Q13UDVCPU; Q26UDPVCPU; Q03UDECPU;

AVEVA Wonderware System Platform 2017 Update 2 and prior uses an ArchestrA network user account for authentication of system processes and inter-node communications. A user with low privileges could make use of an API to obtain the credentials for this account. AVEVA Wonderware System The platform contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AVEVA Wonderware System Platform is a set of fast response control platform from UK's AVEVA company. The platform is mainly used for SCADA and Industrial Internet of Things. A trust management issue vulnerability exists in AVEVA Wonderware System Platform 2017 Update 2 and earlier. The vulnerability stems from the lack of effective trust management mechanisms in network systems or products. Attackers can use the default password or hard-coded passwords, hard-coded certificates, etc. to attack the affected components. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Wonderware System Platform 2017 Update 2 and prior are vulnerable

The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Mate 10 is a smartphone product from China's Huawei

On certain Lexmark devices that communicate with an LDAP or SMTP server, a malicious administrator can discover LDAP or SMTP credentials by changing that server's hostname to one that they control, and then capturing the credentials that are sent there. This occurs because stored credentials are not automatically deleted upon that type of hostname change. plural Lexmark The device contains an information disclosure vulnerability.Information may be obtained. Multiple Lexmark Devices are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The following products are affected: Lexmark CX725h; Lexmark CX820; Lexmark CX825; Lexmark CX860; Lexmark XC4150; Lexmark XC6152; Lexmark XC8155;

Insufficient access restrictions for license manager services for multiple Yokogawa products (CWE-302) Vulnerabilities exist. This vulnerability information is provided by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC By developers and the United States ICS-CERT And adjusted.License manager service operated by a remote third party PC , Any file may be created or overwritten in any location with the system authority to execute the service. Multiple Yokogawa Products are prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. The following Yokogawa products are vulnerable: CENTUM VP R5.01.00 through R6.06.00 CENTUM VP Entry Class R5.01.00 through R6.06.00 ProSafe-RS R3.01.00 through R4.04.00 PRM R4.01.00 through R4.02.00 B/M9000 VP R7.01.01 through R8.02.03. are all products of Japan's Yokogawa Electric (Yokogawa). ProSafe-RS is a safety instrumented system. License Manager Service is a license management service used in it. A security vulnerability exists in several Yokogawa products due to the program not properly restricting the upload of malicious files

Shenzhen Qiao An Technology Co., Ltd., as a research and development manufacturer of surveillance cameras, produces and sells Qiao An surveillance, Qiao An surveillance cameras, Qiao An web cameras, Qiao An hard disk video recorders, Qiao An ball machines and so on. Joan wireless camera has an information disclosure vulnerability. An attacker could exploit the vulnerability to obtain video streams from a wireless smart camera without obtaining user permissions.

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter. Allied Telesis 8100L/8 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SirsiDynix e-Library is an electronic library system developed by Sirsi Corporation in the United States. A cross-site scripting vulnerability exists in SirsiDynix e-Library version 3.5.x. A remote attacker could exploit this vulnerability to steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit potential vulnerabilities in the underlying database

Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. Zyxel NBG-418N v2 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZyxelNBG-418Nv2Modem is a wireless router from ZyXEL Technology. A cross-site request forgery vulnerability exists in the ZyxelNBG-418Nv2Modem1.00 (AAXM.6) C0 release that could be exploited by a remote attacker to perform unauthorized operations

WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A SQL injection vulnerability exists in Advantech WebAccess/SCADA version 8.3. A remote attacker can exploit the vulnerability to execute SQL commands by sending a specially crafted request. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. WebAccess/SCADA Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. WebAccess/SCADA Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. An SQL-injection vulnerability An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco SocialMiner Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCvi52835, CSCvn50066 and CSCvn59276. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities