VARIoT IoT vulnerabilities database

VAR-201805-0244 | CVE-2018-10577 | Unrestricted upload vulnerability in multiple WatchGuard products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any user authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. Multiple WatchGuard products contain a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS).
Introduction
============
Multiple vulnerabilities can be chained together in a number of
WatchGuard AP products which result in pre-authenticated remote code
execution.
The vendor has produced a knowledge-base article[1] and
announcement[2] regarding these issues.
ZX Security would like to commend the prompt response and resolution
of these reported issues by the vendor.
Product
=======
Several WatchGuard Access Points running firmware before v1.2.9.15 are
affected, including:
* AP100
* AP102
* AP200
The AP300 is also affected by issues 2, 3 and 4 when running firmware
before 2.0.0.10.
The latest firmware update resolves these issues.
Technical Details
=================
1) Hard-coded credentials
-------------------------
CVE-2018-10575
A hard-coded user exists in /etc/passwd. The vendor has requested the
specific password and hash be withheld until users can apply the
patch.
There is no way for a user of the access point to change this
password. An attacker who is aware of this password is able to access
the device over SSH and pivot network requests through the device,
though they may not run commands as the shell is set to /bin/false.
2) Hidden authentication method in web interface allows for
authentication bypass
---------------------------------------------------------------------------------
CVE-2018-10576
The standard authentication method for accessing the webserver
involves submitting an HTML form. This uses a username and password
separate from the standard Linux based /etc/passwd authentication.
An alternative authentication method was identified from reviewing the
source code whereby setting the HTTP headers AUTH_USER and AUTH_PASS,
credentials are instead tested against the standard Linux /etc/passwd
file. This allows an attacker to use the hardcoded credentials found
previously (see 1. Hard-coded credentials) to gain web access to the
device.
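An example command that demonstrates this issue is:
    curl https://watchguard-ap200/cgi-bin/luci -H "AUTH_USER: admin" -H "AUTH_PASS: [REDACTED]" -k -v
This session allows for complete access to the web interface as an
administrator.
3) Hidden "wgupload" functionality allows for file uploads as root and
remote code execution
--------------------------------------------------------------------------------------------
CVE-2018-10577
Reviewing the code reveals file upload functionality that is not shown
to the user via the web interface. An attacker needs only a serial
number (which is displayed to the user when they login to the device
through the standard web interface and can be retrieved
programmatically) and a valid session.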
An example request to demonstrate this issue is:
    res = send_request_cgi({
      'method'  => 'POST',
      'uri'     => "/cgi-bin/luci/;#{stok}/wgupload",
      'headers' => {
        'AUTH_USER' => 'admin',
        'AUTH_PASS' => '[REDACTED]',
      },
      'cookie'  => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail",
      'data'    => "#!/usr/bin/lua\nos.execute('touch /code-execution');"
    })
An attacker can then visit the URL
http://watchguard-ap200/cgi-bin/payload.luci to execute this command
(or any other command).
4) Change password functionality incorrectly verifies old password
------------------------------------------------------------------
CVE-2018-10578
The change password functionality within the web interface attempts to
verify the old password before setting a new one, however, this is
done through AJAX. An attacker is able to simply modify the JavaScript
to avoid this check or perform the POST request manually.
Metasploit Module
=================
ZX Security will be releasing a Metasploit module which automates
exploitation of this chain of vulnerabilities. This has been delayed
till 30 days after the initial patch was made available to ensure
users are able to patch their devices.
The module and the hard-coded password will be released on May the 14th 2018.
Disclosure Timeline
===================
Vendor notification: April 04, 2018
Vendor response: April 06, 2018
Firmware update released to public: April 13, 2018
Metasploit module release: May 14, 2018
References
==========
[1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy
[2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes
VAR-201805-0505 | CVE-2018-0226 | Cisco Aironet Access Point Vulnerabilities related to certificate and password management |
CVSS V2: 6.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the assignment and management of default user accounts for Secure Shell (SSH) access to Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running Cisco Mobility Express Software could allow an authenticated, remote attacker to gain elevated privileges on an affected access point. The vulnerability exists because the Cisco Mobility Express controller of the affected software configures the default SSH user account for an access point to be the first SSH user account that was created for the Mobility Express controller, if an administrator added user accounts directly to the controller instead of using the default configuration or the SSH username creation wizard. Although the user account has read-only privileges for the Mobility Express controller, the account could have administrative privileges for an associated access point. An attacker who has valid user credentials for an affected controller could exploit this vulnerability by using the default SSH user account to authenticate to an affected access point via SSH. A successful exploit could allow the attacker to log in to the affected access point with administrative privileges and perform arbitrary administrative actions. This vulnerability affects the following Cisco products: Aironet 1800 Series Access Points that are running Cisco Mobility Express Software Releases 8.2.121.0 through 8.5.105.0, Aironet 2800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0, Aironet 3800 Series Access Points that are running Cisco Mobility Express Software Releases 8.3.102.0 through 8.5.105.0. Cisco Bug IDs: CSCva68116. Cisco Aironet Access Points contain vulnerabilities related to certificate and password management. The vendor has published this vulnerability as Bug ID CSCva68116. Information may be obtained or altered, and service operation may be disrupted (DoS).
Mobility Express Software is a set of management control software that runs on these devices. Multiple Cisco Products are prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to bypass certain restrictions and gain elevated privileges.
VAR-201805-0245 | CVE-2018-10578 | Input validation vulnerability in multiple WatchGuard products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. Multiple WatchGuard products contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). WatchGuard AP100, AP102 and AP200 are different series of indoor wireless access point devices from WatchGuard. A security vulnerability exists in WatchGuard AP100, AP102, AP200, and AP300.
Introduction
============
Multiple vulnerabilities can be chained together in a number of
WatchGuard AP products which result in pre-authenticated remote code
execution.
The vendor has produced a knowledge-base article[1] and
announcement[2] regarding these issues.
ZX Security would like to commend the prompt response and resolution
of these reported issues by the vendor.
Product
=======
Several WatchGuard Access Points running firmware before v1.2.9.15 are
affected, including:
* AP100
* AP102
* AP200
The AP300 is also affected by issues 2, 3 and 4 when running firmware
before 2.0.0.10.
The latest firmware update resolves these issues.
Technical Details
=================
1) Hard-coded credentials
-------------------------
CVE-2018-10575
A hard-coded user exists in /etc/passwd. The vendor has requested the
specific password and hash be withheld until users can apply the
patch.
There is no way for a user of the access point to change this
password. An attacker who is aware of this password is able to access
the device over SSH and pivot network requests through the device,
though they may not run commands as the shell is set to /bin/false.
2) Hidden authentication method in web interface allows for
authentication bypass
---------------------------------------------------------------------------------
CVE-2018-10576
The standard authentication method for accessing the webserver
involves submitting an HTML form. This uses a username and password
separate from the standard Linux based /etc/passwd authentication.
An alternative authentication method was identified from reviewing the
source code whereby setting the HTTP headers AUTH_USER and AUTH_PASS,
credentials are instead tested against the standard Linux /etc/passwd
file. This allows an attacker to use the hardcoded credentials found
previously (see 1. Hard-coded credentials) to gain web access to the
device.
An example command that demonstrates this issue is:
    curl https://watchguard-ap200/cgi-bin/luci -H "AUTH_USER: admin" -H "AUTH_PASS: [REDACTED]" -k -v
This session allows for complete access to the web interface as an
administrator.
3) Hidden "wgupload" functionality allows for file uploads as root and
remote code execution
--------------------------------------------------------------------------------------------
CVE-2018-10577
Reviewing the code reveals file upload functionality that is not shown
to the user via the web interface. An attacker needs only a serial
number (which is displayed to the user when they login to the device
through the standard web interface and can be retrieved
programmatically) and a valid session.
An example request to demonstrate this issue is:
    res = send_request_cgi({
      'method'  => 'POST',
      'uri'     => "/cgi-bin/luci/;#{stok}/wgupload",
      'headers' => {
        'AUTH_USER' => 'admin',
        'AUTH_PASS' => '[REDACTED]',
      },
      'cookie'  => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail",
      'data'    => "#!/usr/bin/lua\nos.execute('touch /code-execution');"
    })
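An attacker can then visit the URL
http://watchguard-ap200/cgi-bin/payload.luci to execute this command
(or any other command).
4) Change password functionality incorrectly verifies old password
------------------------------------------------------------------
CVE-2018-10578
The change password functionality within the web interface attempts to
verify the old password before setting a new one, however, this is
done through AJAX. An attacker is able to simply modify the JavaScript
to avoid this check or perform the POST request manually.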
Metasploit Module
=================
ZX Security will be releasing a Metasploit module which automates
exploitation of this chain of vulnerabilities. This has been delayed
till 30 days after the initial patch was made available to ensure
users are able to patch their devices.
The module and the hard-coded password will be released on May the 14th 2018.
Disclosure Timeline
===================
Vendor notification: April 04, 2018
Vendor response: April 06, 2018
Firmware update released to public: April 13, 2018
Metasploit module release: May 14, 2018
References
==========
[1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy
[2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes
VAR-201805-0497 | CVE-2018-0258 | Cisco Prime Data Center Network Manager and Prime Infrastructure Path traversal vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the Cisco Prime File Upload servlet affecting multiple Cisco products could allow a remote attacker to upload arbitrary files to any directory of a vulnerable device (aka Path Traversal) and execute those files. This vulnerability affects the following products: Cisco Prime Data Center Network Manager (DCNM) Version 10.0 and later, and Cisco Prime Infrastructure (PI) All versions. Cisco Bug IDs: CSCvf32411, CSCvf81727. The vendor has published this vulnerability as Bug IDs CSCvf32411 and CSCvf81727. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Cisco Products are prone to a remote code-execution vulnerability.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance.
VAR-201805-0496 | CVE-2018-0253 | Cisco Secure Access Control System Input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037. The vendor has published this vulnerability as Bug ID CSCve69037. Information may be obtained or altered, and service operation may be disrupted (DoS). Failed exploits will result in denial-of-service conditions. The system can respectively control network access and network device access through RADIUS and TACACS protocols. ACS Report is one of the system report generation components.
VAR-201805-0499 | CVE-2018-0264 | Input validation vulnerability in multiple Cisco products |
CVSS V2: 6.8 CVSS V3: 9.6 Severity: CRITICAL |
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457. Multiple Cisco products contain an input validation vulnerability. The vendor has published this vulnerability as Bug IDs CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, and CSCvh85457. Information may be obtained or altered, and service operation may be disrupted (DoS). WebEx ARF player is one of the players, which is mainly used to play WebEx recording files in ARF format.
VAR-201805-0515 | CVE-2018-0278 | Cisco Firepower System Information disclosure vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this vulnerability by convincing a user to visit a malicious website designed to send requests to the affected application while the user is logged into the application with an active session cookie. A successful exploit could allow the attacker to retrieve policy or configuration information from the affected software and to perform another attack against the management console. Cisco Bug IDs: CSCvh68311. The vendor has published this vulnerability as Bug ID CSCvh68311. Information may be obtained.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Management Console is one of the management console programs.
VAR-201805-0261 | CVE-2018-10544 | Meross MSS110 Authentication vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface. Meross MSS110 contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Meross MSS110 is a smart WiFi socket device produced by China Meross Technology Company. There are security vulnerabilities in Meross MSS110 1.1.24 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service or obtain information.
VAR-201805-0891 | CVE-2018-6401 | Meross MSS110 Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password. Meross MSS110 contains a vulnerability in the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Meross MSS110 is a smart WiFi socket device from China's Meross Technology. The TELNET listener is one of its components. A security vulnerability exists in the TELNET listener in Meross MSS110 versions prior to 1.1.24.
VAR-201805-0492 | CVE-2018-0247 | Cisco Wireless LAN Controller and Aironet Access Point Authentication vulnerability |
CVSS V2: 3.3 CVSS V3: 4.7 Severity: MEDIUM |
A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass authentication and pass traffic. The vulnerability is due to incorrect implementation of authentication for WebAuth clients in a specific configuration. An attacker could exploit this vulnerability by sending traffic to local network resources without having gone through authentication. A successful exploit could allow the attacker to bypass authentication and pass traffic. This affects Cisco Aironet Access Points running Cisco IOS Software and Cisco Wireless LAN Controller (WLC) releases prior to 8.5.110.0 for the following specific WLC configuration only: (1) The Access Point (AP) is configured in FlexConnect Mode with NAT. (2) The WLAN is configured for central switching, meaning the client is being assigned a unique IP address. (3) The AP is configured with a Split Tunnel access control list (ACL) for access to local network resources, meaning the AP is doing the NAT on the connection. (4) The client is using WebAuth. This vulnerability does not apply to .1x clients in the same configuration. Cisco Bug IDs: CSCvc79502, CSCvf71789. The vendor has published this vulnerability as Bug IDs CSCvc79502 and CSCvf71789. Information may be tampered with. IOS Software is a set of operating systems that runs on these devices. The product provides security policy, intrusion detection and other functions in the wireless LAN. Web Authentication (WebAuth) is one of the web authentication client programs. An authorization issue vulnerability exists in Cisco Aironet Access Points IOS Software and Cisco Wireless LAN Controller prior to 8.5.10.0 for the WebAuth client, which was caused by the program failing to authenticate. This may lead to further attacks.
VAR-201805-0493 | CVE-2018-0249 | Cisco Aironet 1800 Series Access Point Input validation vulnerability |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. The vendor has published this vulnerability as Bug ID CSCvg02116. Service operation may be disrupted (DoS).
VAR-201805-0498 | CVE-2018-0262 | Cisco Meeting Server Vulnerabilities in environment settings |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. The vendor has published this vulnerability as Bug ID CSCvg76469. Information may be obtained or altered, and service operation may be disrupted (DoS).
Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions.
VAR-201805-0495 | CVE-2018-0252 | Cisco Wireless LAN Controller Software resource management vulnerability |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222. The vendor has published this vulnerability as Bug ID CSCvf89222. Service operation may be disrupted (DoS).
VAR-201805-0494 | CVE-2018-0250 | Cisco Aironet for FlexConnect Access Points of Central Web Authentication Vulnerability in protection mechanism |
CVSS V2: 2.7 CVSS V3: 4.1 Severity: MEDIUM |
A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756. The vendor has published this vulnerability as Bug ID CSCve17756. Information may be tampered with. There are security vulnerabilities in CWAs that use APs in several Cisco products.
VAR-201805-0923 | CVE-2018-5516 | Access control vulnerabilities in multiple F5 products |
CVSS V2: 4.7 CVSS V3: 4.7 Severity: MEDIUM |
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. Multiple F5 products contain an access control vulnerability. Information may be obtained. F5 BIG-IP LTM and other products are products of American F5 Company. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. TMOS Shell (tmsh) is one of the command line tools. There are security vulnerabilities in TMOS Shell in several F5 products. An attacker could exploit this vulnerability to obtain objects on the file system. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, version 11.2.1 to version 11.6.3.1; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP APM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to version 12.1.2, version 11.2.1 to version 11.6.3.1; BIG-IP Link Controller version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1
VAR-201805-0521 | CVE-2018-0286 | Cisco IOS XR Software resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. Cisco IOS XR Software contains a resource management vulnerability. The vendor has published this vulnerability as Bug ID CSCvg95792. Service operation may be disrupted (DoS).
Attackers can exploit this issue to cause denial-of-service conditions.
VAR-201805-0518 | CVE-2018-0281 | Cisco Firepower System Cryptographic vulnerabilities in software |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. Cisco Firepower System Software contains cryptographic vulnerabilities. The vendor has published this vulnerability as Bug ID CSCvg97808. Service operation may be disrupted (DoS).
VAR-201805-0519 | CVE-2018-0283 | Cisco Firepower System Cryptographic vulnerabilities in software |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. Cisco Firepower System Software contains cryptographic vulnerabilities. The vendor has published this vulnerability as Bug ID CSCvg99327. Service operation may be disrupted (DoS). The detection engine is one of the intrusion detection engines.
VAR-201805-0520 | CVE-2018-0285 | Cisco Prime Service Catalog Resource management vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. The vendor has published this vulnerability as Bug ID CSCvd39568. Service operation may be disrupted (DoS).
An attacker can exploit this issue to cause a denial-of-service condition. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources.
VAR-201805-0326 | CVE-2018-10676 | TBK Vision DVR Vulnerabilities related to certificate and password management in devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. TBK Vision DVR devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). CeNova DVR and the others are DVR (hard disk video recorder) devices from different manufacturers. There are security vulnerabilities in several DVR devices. Products from the following manufacturers are affected: CeNova DVR; Night OWL DVR; Novo DVR; Pulnix DVR; QSee DVR; Securus DVR; TBK Vision DVR.