VARIoT IoT vulnerabilities database
| VAR-201811-0038 | CVE-2018-15772 | Dell EMC RecoverPoint and RecoverPoint for VMs Vulnerable to resource exhaustion |
CVSS V2: 3.6 CVSS V3: 7.1 Severity: HIGH |
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may be able to consume a large amount of CPU time, slowing the system down, or to determine whether any given system file exists, via the Boxmgmt CLI. Dell EMC RecoverPoint is therefore prone to an information-disclosure vulnerability and a denial-of-service vulnerability.
Successfully exploiting these issues may allow an attacker to obtain sensitive information or to consume excessive resources, resulting in a denial of service. RecoverPoint is a suite of disaster recovery and data protection software; RecoverPoint for VMs is the disaster recovery solution for VMware environments.
Link to remedies:
Customers can download software from: https://support.emc.com/search/?text=RecoverPoint&searchLang=en_US&facetResource=DOWN
Credits:
Dell EMC would like to thank Paul Taylor (@bao7uo) for reporting these vulnerabilities.
Severity Rating
For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information
Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
| VAR-201811-0885 | CVE-2018-19204 | PRTG Network Monitor Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating an EXE/Script Sensor. PRTG Network Monitor therefore contains an authorization, permission and access-control weakness; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS).
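The defect described above is argument injection: a form field that should hold a port number is pasted into a command line, so a value containing whitespace becomes extra arguments for the sensor process. The following is an added example, not PRTG code. The binary name, the -writeresult flag and the \Custom Sensors\EXE directory come from the advisory text; the flag order, the result directory C:\PRTG\Logs\sensors, and the last-flag-wins parser are assumptions made so the effect can be shown offline.

```python
import re

SENSOR_EXE = "HttpAdvancedSensor.exe"
RESULT_DIR = r"C:\PRTG\Logs\sensors"        # assumed location of sensor result files

# Constructed attacker value for proxyport_: a plausible port, then a space
# and a second -writeresult flag pointing into the EXE/Script sensor folder.
MALICIOUS_PROXYPORT = r'8080 -writeresult="C:\PRTG\Custom Sensors\EXE\evil.exe"'


def build_cmdline_vulnerable(url: str, proxyport: str, sensor_id: int) -> str:
    """Unsafe: form values are pasted into one command-line string, so a value
    containing whitespace turns into additional arguments."""
    return (f"{SENSOR_EXE} -writeresult={RESULT_DIR}\\{sensor_id}.txt "
            f"-url={url} -proxyport={proxyport}")


def split_windows_cmdline(cmdline: str) -> list:
    """Simplified CommandLineToArgvW: whitespace separates arguments unless
    inside double quotes; backslashes are kept literally (enough for paths)."""
    args, cur, in_quotes = [], "", False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                args.append(cur)
                cur = ""
        else:
            cur += ch
    if cur:
        args.append(cur)
    return args


def parse_flags(argv: list) -> dict:
    """'-name=value' flags; a repeated flag overrides the earlier one, which is
    what lets the injected -writeresult win (assumed parser behaviour)."""
    flags = {}
    for tok in argv[1:]:
        if tok.startswith("-") and "=" in tok:
            name, value = tok[1:].split("=", 1)
            flags[name] = value
    return flags


def effective_flags_vulnerable(url: str, proxyport: str, sensor_id: int) -> dict:
    """What the sensor process actually sees for a given proxyport_ value."""
    cmdline = build_cmdline_vulnerable(url, proxyport, sensor_id)
    return parse_flags(split_windows_cmdline(cmdline))


def validate_port(value: str) -> int:
    """Allow-list check: a TCP port is 1..65535 in decimal and nothing else."""
    if not re.fullmatch(r"[0-9]{1,5}", value):
        raise ValueError(f"proxyport must be a decimal port number, got {value!r}")
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"proxyport out of range: {port}")
    return port


def build_argv_safe(url: str, proxyport: str, sensor_id: int) -> list:
    """Hardened: validate first, then hand the process an argv list, where each
    value is exactly one argument regardless of its contents."""
    port = validate_port(proxyport)
    return [SENSOR_EXE, f"-writeresult={RESULT_DIR}\\{sensor_id}.txt",
            f"-url={url}", f"-proxyport={port}"]


def accepted(proxyport: str) -> bool:
    """True if the hardened builder would run the sensor with this value."""
    try:
        validate_port(proxyport)
        return True
    except ValueError:
        return False
```

With MALICIOUS_PROXYPORT, effective_flags_vulnerable() reports writeresult as C:\PRTG\Custom Sensors\EXE\evil.exe rather than the sensor's own result file, which is the primitive the advisory describes; build_argv_safe() refuses the same value before any process is started. Quoting the value would not be a fix on its own, since the attacker can supply quotes too; the combination of type validation and an argv list is what closes the hole.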
| VAR-201811-0674 | CVE-2018-19148 | Caddy Vulnerable to information disclosure |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configuration. Repeated requests (with a nonexistent hostname in the Host header) permit full enumeration of all certificates on the server. This generally permits an attacker to easily and accurately discover the existence of and relationships among hostnames that weren't meant to be public, though this information could likely have been discovered via other methods with additional effort. Caddy therefore contains an information disclosure vulnerability; information may be obtained.
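The enumeration the entry describes is a coupon-collector exercise: every probe with a bogus name returns one random real certificate, so an attacker keeps probing until nothing new appears. The following is an added example, not Caddy code. The vhost names are constructed, the two server behaviours are simulated so the loop runs offline, and real_probe() is the same single probe against a live host (not used by the offline part); the hardened behaviour shown (refuse the handshake for an unknown name) is one reasonable fix, not a statement of what Caddy changed.

```python
import random
import socket
import ssl
from typing import Callable, Optional, Set, Tuple

# bogus server name -> identity of the certificate served, or None if refused
Fetch = Callable[[str], Optional[str]]

DEMO_VHOSTS = {"intranet.example", "staging.example", "vpn.example"}   # constructed


def vulnerable_server(vhosts: Set[str], rng: random.Random) -> Fetch:
    """Mimics the bug: an unmatched name gets some real vhost's certificate."""
    choices = sorted(vhosts)

    def fetch(sni: str) -> Optional[str]:
        return sni if sni in vhosts else rng.choice(choices)
    return fetch


def hardened_server(vhosts: Set[str]) -> Fetch:
    """Safer behaviour: an unmatched name gets no certificate at all, so
    repeated probes learn nothing."""
    def fetch(sni: str) -> Optional[str]:
        return sni if sni in vhosts else None
    return fetch


def enumerate_certs(fetch: Fetch, probe: str = "nonexistent.invalid",
                    quiet_rounds: int = 50) -> Tuple[Set[str], int]:
    """Repeat the bogus-name request until `quiet_rounds` consecutive probes
    reveal nothing new. With n vhosts about n*ln(n) probes are expected
    before every certificate has been seen once."""
    seen: Set[str] = set()
    probes = since_new = 0
    while since_new < quiet_rounds:
        probes += 1
        ident = fetch(probe)
        if ident is None:          # server refuses unknown names: stop
            break
        if ident in seen:
            since_new += 1
        else:
            seen.add(ident)
            since_new = 0
    return seen, probes


def demo(seed: int = 7) -> Tuple[Set[str], int]:
    """Run the enumeration against the simulated vulnerable server."""
    return enumerate_certs(vulnerable_server(DEMO_VHOSTS, random.Random(seed)))


def real_probe(host: str, port: int = 443, probe: str = "nonexistent.invalid",
               timeout: float = 5.0) -> Optional[bytes]:
    """One live probe: handshake with a bogus SNI and return the DER
    certificate served (readable with `openssl x509 -inform DER -noout -text`),
    or None if the server refuses the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE      # we are collecting, not trusting
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=probe) as tls:
                return tls.getpeercert(binary_form=True)
    except (ssl.SSLError, OSError):
        return None
```

To check one of your own servers, run enumerate_certs(lambda name: real_probe("<your host>", probe=name)); the set it returns contains the distinct DER certificates handed out for a name you never configured, and a fixed server yields an empty set after a single probe.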
| VAR-201811-0292 | CVE-2018-14644 | PowerDNS Recursor Input validation vulnerability |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. PowerDNS Recursor therefore contains an input validation vulnerability; service operation may be interrupted (DoS). PowerDNS Recursor (aka pdns_recursor) is a resolving name server from the Dutch company PowerDNS. Versions 4.0.0 to 4.1.4 are affected.
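Whether a given zone can be poisoned this way depends on how its parent's authoritative servers answer a meta-type question, which is easy to test. The following is an added example, not PowerDNS code: it builds a query for QTYPE OPT (41) from the RFC 1035 wire format, reads the RCODE of a reply, and evaluates the advisory's trigger condition. The sample replies are constructed inline so the check runs offline; probe_live() sends the same query to a real server.

```python
import socket
import struct

QTYPE_A, QTYPE_OPT = 1, 41        # OPT is the meta-type named in the advisory
QCLASS_IN = 1
RCODE_NOERROR, RCODE_FORMERR, RCODE_SERVFAIL = 0, 1, 2
FLAG_QR = 0x8000                  # response bit in the flags word


def encode_name(name: str) -> bytes:
    """Dotted name -> length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Plain query: RD=0, one question, no EDNS; the meta-type is the question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def rcode_of(message: bytes) -> int:
    """Low four bits of the flags word of a response."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    _, flags = struct.unpack("!HH", message[:4])
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    return flags & 0x000F


def formerr_reply(query: bytes) -> bytes:
    """Constructed: a server that rejects the meta-type question answers with
    the same ID, QR=1, RCODE=FORMERR and no sections."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, FLAG_QR | RCODE_FORMERR, 0, 0, 0, 0)


def noerror_reply(query: bytes) -> bytes:
    """Constructed: a server that accepts the question echoes it back with an
    empty answer section."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, FLAG_QR, 1, 0, 0, 0) + query[12:]


def parent_zone_at_risk(rcodes) -> bool:
    """The advisory's condition: every authoritative server of the (signed)
    parent zone answered FORMERR. Any other RCODE from at least one server
    means the condition is not met."""
    rcodes = list(rcodes)
    return bool(rcodes) and all(r == RCODE_FORMERR for r in rcodes)


def probe_live(server_ip: str, zone: str, qtype: int = QTYPE_OPT,
               timeout: float = 3.0) -> int:
    """Send one probe over UDP to a real authoritative server and return its
    RCODE (not used by the offline check)."""
    query = build_query(zone, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return rcode_of(reply)
```

For your own zone, collect probe_live(ns_ip, parent_zone) for every NS of the parent and pass the list to parent_zone_at_risk(); a True result means a recursor in the affected range would serve ServFail to validating clients for names under that parent once the bad entry is cached.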
| VAR-201811-0099 | CVE-2018-17906 | Philips iSite PACS and IntelliSpace PACS Credential management vulnerability |
CVSS V2: 3.3 CVSS V3: 8.8 Severity: HIGH |
Philips iSite PACS, all versions, and IntelliSpace PACS, all versions: default credentials and missing authentication within third-party software may allow an attacker to compromise a component of the system. Philips iSite PACS and IntelliSpace PACS therefore contain a credential management vulnerability; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). An access bypass vulnerability exists in Philips iSite PACS and IntelliSpace PACS that an attacker can use to control components of the system.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks.
| VAR-201811-0174 | CVE-2018-15381 | Cisco Unity Express Deserialization of untrusted data vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Unity Express is prone to an arbitrary command-execution vulnerability.
Cisco Unity Express versions prior to 9.0.6 are vulnerable. The product includes features such as voicemail and Interactive Voice Response (IVR)
| VAR-201811-0736 | CVE-2018-19075 | Foscam C2 Device and Opticam i5 Information disclosure vulnerability in devices |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall feature makes it easier for remote attackers to ascertain credentials and firewall rules because invalid credentials lead to error -2, whereas rule-based blocking leads to error -8. Foscam C2 and Opticam i5 devices therefore contain an information disclosure vulnerability; information may be obtained. Both Foscam C2 and Opticam i5 are network camera products from the Chinese vendor Foscam.
| VAR-201811-0739 | CVE-2018-19078 | Foscam Opticam i5 Credential management vulnerability in device system firmware and application firmware |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The response to an ONVIF media GetStreamUri request contains the administrator username and password. The Foscam Opticam i5 system firmware and application firmware therefore contain a credential management vulnerability; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). The Foscam Opticam i5 is an IP camera from Foscam.
| VAR-201811-0734 | CVE-2018-19073 | Foscam C2 and Opticam i5 Operating System Command Injection Vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow attackers to execute arbitrary OS commands via shell metacharacters in the modelName, by leveraging /mnt/mtd/app/config/ProductConfig.xml write access. Foscam C2 and Opticam i5 devices therefore contain an OS command injection vulnerability; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). Foscam C2 and Opticam i5 are both IP camera products of the Chinese vendor Foscam.
| VAR-201811-0731 | CVE-2018-19070 | Foscam C2 and Opticam i5 devices OS command injection vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. They allow remote attackers to execute arbitrary OS commands via shell metacharacters in the usrName parameter of a CGIProxy.fcgi addAccount action. Foscam C2 and Opticam i5 devices therefore contain an OS command injection vulnerability; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). Both Foscam C2 and Opticam i5 are network camera products from the Chinese vendor Foscam.
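Both of the Foscam command injection entries above (modelName read from ProductConfig.xml, and usrName from the CGIProxy.fcgi addAccount action) have the same root cause: an attacker-controlled string reaches a shell. The following is an added example, not Foscam firmware code. The handler is hypothetical, since the advisory does not say which command the camera runs, so a harmless `echo` stands in for it; that is enough to show the second command executing. The username policy is an assumption, and the block needs a POSIX /bin/sh to run.

```python
import re
import subprocess

USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}")   # assumed allow-list policy

# Constructed attacker value: a plausible name, then a shell command separator
# and a second command. The same shape works for the modelName value.
PAYLOAD = "bob; echo INJECTED"


def add_account_vulnerable(usr_name: str) -> str:
    """Unsafe: the parameter is interpolated into a string that /bin/sh
    interprets, so ';', '|', '$(...)' and friends are honoured."""
    cmd = f"echo adding {usr_name}"          # stand-in for the real adduser command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def add_account_safe(usr_name: str) -> str:
    """Hardened: reject anything outside the allow-list, then pass the value as
    a single argv element with no shell, so metacharacters are just bytes."""
    if not USERNAME_RE.fullmatch(usr_name):
        raise ValueError(f"rejected usrName: {usr_name!r}")
    return subprocess.run(["echo", "adding", usr_name],
                          capture_output=True, text=True).stdout


def rejected(usr_name: str) -> bool:
    """True if the hardened handler refuses the value."""
    try:
        add_account_safe(usr_name)
        return False
    except ValueError:
        return True
```

add_account_vulnerable(PAYLOAD) prints "adding bob" and then "INJECTED", the second command having run; add_account_safe() never starts a shell and refuses the payload outright. The modelName case is a reminder that a value read back from a config file is not trustworthy when that file is writable by the attacker: it needs the same allow-list on the way in, not trust because it is "local".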
| VAR-201811-0737 | CVE-2018-19076 | Foscam C2 Device and Opticam i5 Authentication vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). Foscam C2 and Opticam i5 devices therefore contain an authentication weakness; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). Both Foscam C2 and Opticam i5 are network camera products from the Chinese vendor Foscam. Remote attackers can exploit the missing limits to brute-force credentials over FTP or RTSP.
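Two of the Foscam entries above are the same design mistake seen from different sides: the failure limit lived in the HTTP front end only, so FTP and RTSP were unthrottled, and the firewall returned different error codes (-2 for bad credentials, -8 for a blocking rule), telling an attacker which obstacle they had hit. The following is an added example, not Foscam firmware code, of one authentication gate consulted by every protocol and returning a single client-visible failure message; the thresholds, the in-memory ledger and the protocol names are assumptions.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 5          # assumed: five failures from one address ...
WINDOW_SECONDS = 300      # ... within five minutes, counted across protocols
LOCKOUT_SECONDS = 900
CLIENT_MESSAGE = "authentication failed"   # the only reason a client ever sees


class AuthGate:
    """Per-source failure ledger shared by the HTTP, FTP and RTSP services."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(deque)   # addr -> timestamps of recent failures
        self.locked_until = {}

    def _recent_failures(self, addr, now):
        """Drop failures older than the window and return the live ones."""
        recent = self.failures[addr]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        return recent

    def attempt(self, addr, protocol, allowed_by_rules, credentials_ok):
        """Returns (ok, message_for_client, reason_for_audit_log). The client
        message is identical for every kind of failure; the detail goes to
        the log, where the operator, not the attacker, can read it."""
        now = self.clock()
        recent = self._recent_failures(addr, now)
        if self.locked_until.get(addr, 0) > now:
            return False, CLIENT_MESSAGE, f"locked_out protocol={protocol}"
        if not allowed_by_rules:
            reason = "blocked_by_rule"
        elif not credentials_ok:
            reason = "bad_credentials"
        else:
            recent.clear()
            return True, "ok", f"success protocol={protocol}"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[addr] = now + LOCKOUT_SECONDS
            reason += " lockout_started"
        return False, CLIENT_MESSAGE, f"{reason} protocol={protocol}"
```

Five failures spread over HTTP, FTP and RTSP from one address trip the lockout, and a later attempt with the correct password is still refused until it expires; a client blocked by a rule and a client with a wrong password receive the same string, so the distinction is only in the audit log.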
| VAR-201811-0733 | CVE-2018-19072 | Foscam C2 Device and Opticam i5 Vulnerabilities related to authorization, authority, and access control in devices |
CVSS V2: 3.6 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. /mnt/mtd/app has 0777 permissions, allowing local users to replace an archive file (within that directory) to control what is extracted to RAM at boot time. Both Foscam C2 and Opticam i5 are network camera products from the Chinese vendor Foscam. A local attacker can exploit the world-writable directory to replace the archive and thereby control the files extracted at boot.
| VAR-201811-0735 | CVE-2018-19074 | Foscam C2 Device and Opticam i5 Device access control vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The firewall has no effect except for blocking port 443 and partially blocking port 88. Foscam C2 and Opticam i5 devices therefore contain an access control vulnerability; information may be tampered with. Both Foscam C2 and Opticam i5 are network camera products from the Chinese vendor Foscam. Because the firewall blocks only port 443 and (partially) port 88, remote attackers can reach services the firewall was configured to block.
| VAR-201811-0738 | CVE-2018-19077 | Foscam Opticam i5 Out-of-bounds reading vulnerability in device system firmware and application firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. RtspServer allows remote attackers to cause a denial of service (daemon hang or restart) via a negative integer in the RTSP Content-Length header. The Foscam Opticam i5 is an IP camera from Foscam.
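The classic shape of this bug in C is `len = atoi(header); read(fd, buf, len)` or `malloc(len)`: a negative int reinterpreted as size_t is enormous, so the read never completes (hang) or the allocation fails (crash and restart). The following is an added example, not Foscam code, of an RTSP header parser that admits only a non-negative decimal within a limit before any body is read; MAX_BODY and the sample requests are assumptions and constructed input.

```python
import re

MAX_BODY = 64 * 1024                  # assumed: largest body this server needs
DECIMAL = re.compile(r"[0-9]{1,7}")   # no sign, no hex, no exponent, no Unicode digits


class BadRequest(ValueError):
    pass


def parse_content_length(headers: dict) -> int:
    """Return the body length or raise BadRequest; a missing header means 0."""
    raw = headers.get("content-length")
    if raw is None:
        return 0
    if not DECIMAL.fullmatch(raw):
        raise BadRequest(f"invalid Content-Length: {raw!r}")
    length = int(raw)
    if length > MAX_BODY:
        raise BadRequest(f"Content-Length {length} exceeds limit {MAX_BODY}")
    return length


def parse_request(data: bytes):
    """Split an RTSP request into (request line, headers, body); the body is
    sliced only after the length has been validated."""
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("end of headers not found")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII header block") from None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise BadRequest(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    length = parse_content_length(headers)
    if len(rest) < length:
        # a real server reads exactly `length` more bytes, under a timeout
        raise BadRequest("body shorter than Content-Length")
    return lines[0], headers, rest[:length]


def rejected(data: bytes) -> bool:
    """True if the parser refuses the request."""
    try:
        parse_request(data)
        return False
    except BadRequest:
        return True


# Constructed requests: a normal SET_PARAMETER with a 5-byte body, and the
# negative-length shape the advisory describes.
GOOD = (b"SET_PARAMETER rtsp://cam/stream RTSP/1.0\r\nCSeq: 2\r\n"
        b"Content-Length: 5\r\n\r\nhello")
NEGATIVE = (b"SET_PARAMETER rtsp://cam/stream RTSP/1.0\r\nCSeq: 3\r\n"
            b"Content-Length: -1\r\n\r\n")
```

The regular expression does the work that `atoi()` does not: it rejects a sign, whitespace, hex and exponent forms before the value is ever converted, and the explicit upper bound keeps a valid-looking but huge length from tying up the daemon.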
| VAR-201811-0743 | CVE-2018-19082 | Foscam Opticam i5 Buffer error vulnerability in device system firmware and application firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field. The Foscam Opticam i5 system firmware and application firmware therefore contain a buffer error vulnerability; exploitation may allow information to be obtained or altered and service operation to be disrupted (DoS). The Foscam Opticam i5 is an IP camera from Foscam.
| VAR-201811-0741 | CVE-2018-19080 | Foscam Opticam i5 Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetHostname method allows unauthenticated persistent XSS. The Foscam Opticam i5 is an IP camera from Foscam. An unauthenticated attacker can exploit this vulnerability to conduct cross-site scripting attacks.
| VAR-201811-0740 | CVE-2018-19079 | Foscam Opticam i5 Input validation vulnerability in device system firmware and application firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot. The Foscam Opticam i5 system firmware and application firmware therefore contain an input validation vulnerability; service operation may be interrupted (DoS). The Foscam Opticam i5 is an IP camera from Foscam. An unauthenticated attacker can exploit this vulnerability to reboot the device.
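The three ONVIF devicemgmt entries above (SetDNS IPv4Address overflow, SetHostname stored XSS, unauthenticated SystemReboot) are what a single request handler with an authentication check in front of every method and bounded, typed parsing of each field would have prevented. The following is an added example, not Foscam or ONVIF reference code. It parses the SOAP envelope with the standard library, refuses any call without a WS-Security UsernameToken, bounds and parses the IPv4 address before it could reach a fixed-size buffer, and allows only RFC 1123 hostname characters. The namespace URIs are the ONVIF and SOAP 1.2 ones; the credential check is a stub and the single "admin" account is an assumption.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "tds": "http://www.onvif.org/ver10/device/wsdl",
    "tt": "http://www.onvif.org/ver10/schema",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
MAX_IPV4_LEN = len("255.255.255.255")   # the most a fixed buffer ever needs (plus NUL in C)
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(\.{LABEL})*")


class Fault(Exception):
    """Maps to a SOAP Fault; the message is what the client gets."""


def verify_token(token) -> bool:
    """Stub: real code checks PasswordDigest/Nonce/Created against stored
    credentials. A single 'admin' account is assumed for the example."""
    return token.findtext("wsse:Username", default="", namespaces=NS) == "admin"


def authenticated(envelope) -> bool:
    token = envelope.find("s:Header/wsse:Security/wsse:UsernameToken", NS)
    return token is not None and verify_token(token)


def validate_ipv4(text: str) -> str:
    if len(text) > MAX_IPV4_LEN:
        raise Fault("IPv4Address too long")        # bound the length before parsing
    try:
        return str(ipaddress.IPv4Address(text))    # canonical dotted quad or ValueError
    except ValueError:
        raise Fault("IPv4Address malformed") from None


def validate_hostname(text: str) -> str:
    if not HOSTNAME_RE.fullmatch(text):
        raise Fault("Hostname malformed")          # '<', '"', ' ' etc. are never stored
    return text


def handle(soap_bytes: bytes, reboot=lambda: "rebooting") -> dict:
    """Dispatch one devicemgmt request; every method sits behind the auth check."""
    envelope = ET.fromstring(soap_bytes)
    if not authenticated(envelope):
        raise Fault("Sender/NotAuthorized")
    body = envelope.find("s:Body", NS)
    if body is None or len(body) == 0:
        raise Fault("empty Body")
    op = body[0]
    name = op.tag.rsplit("}", 1)[-1]
    if name == "SetDNS":
        addrs = [validate_ipv4(e.text or "")
                 for e in op.findall("tds:DNSManual/tt:IPv4Address", NS)]
        return {"op": name, "dns": addrs}
    if name == "SetHostname":
        host = validate_hostname(op.findtext("tds:Name", default="", namespaces=NS))
        return {"op": name, "hostname": host}
    if name == "SystemReboot":
        return {"op": name, "result": reboot()}
    raise Fault(f"unsupported operation {name}")


def soap(body_xml: str, token: bool = True) -> bytes:
    """Constructed request envelope for the examples, with or without a token."""
    header = ("<s:Header><wsse:Security><wsse:UsernameToken><wsse:Username>admin"
              "</wsse:Username></wsse:UsernameToken></wsse:Security></s:Header>"
              if token else "")
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"<s:Envelope {xmlns}>{header}<s:Body>{body_xml}</s:Body></s:Envelope>".encode()


def rejected(soap_bytes: bytes) -> bool:
    """True if the handler refuses the request with a Fault or a parse error."""
    try:
        handle(soap_bytes)
        return False
    except (Fault, ET.ParseError):
        return True
```

An unauthenticated SystemReboot is refused before dispatch, a 600-byte IPv4Address is rejected on length alone, and a hostname carrying markup never reaches storage; the ordering matters, since the length bound runs before the parser and the authentication check before any method body.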
| VAR-201811-0179 | CVE-2018-15443 | Cisco Firepower System Software resource exhaustion vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. Cisco Firepower System Software is therefore listed as vulnerable to resource exhaustion; information may be tampered with.
Remote attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCvk76547
| VAR-201811-0177 | CVE-2018-15439 | Cisco Small Business Switches Vulnerability in the use of hard-coded credentials in software |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability. Cisco Small Business 200 Series Smart Switches are small smart switch devices from Cisco; Small Business Switches Software is the switch software that runs on them.
This issue is being tracked by Cisco Bug IDs CSCvk20713 and CSCvm11846
| VAR-201811-0175 | CVE-2018-15393 | Cisco Content Security Management Appliance (SMA) Software Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvk59387. The appliance is mainly used to manage the policies, reports and audit information of email and web security appliances. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML