VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201803-1606 CVE-2018-0186 Cisco IOS XE Software cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. Vendors have confirmed this vulnerability Bug ID CSCuz38591 , CSCvb09530 ,and CSCvb10022 It is released as.Information may be obtained and information may be altered. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201803-1609 CVE-2018-0190 Cisco IOS XE Software cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. Vendors have confirmed this vulnerability Bug ID CSCuz38591 , CSCvb09530 ,and CSCvb10022 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
VAR-201803-1610 CVE-2018-0193 Cisco IOS XE In software OS Command injection vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. Cisco IOS XE The software includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCuz03145 , CSCuz56419 , CSCva31971 ,and CSCvb09542 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. CLIparser is one of the command line command parsers. This may aid in further attacks
VAR-201803-1605 CVE-2018-0185 Cisco IOS XE In software OS Command injection vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. Cisco IOS XE The software includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCuz03145 , CSCuz56419 , CSCva31971 ,and CSCvb09542 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may aid in further attacks. CLI parser is one of the command line command parsers
VAR-201803-1608 CVE-2018-0189 Cisco IOS Software and Cisco IOS XE Software resource management vulnerability CVSS V2: 7.1
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655. Vendors have confirmed this vulnerability Bug ID CSCva91655 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201803-1611 CVE-2018-0195 Cisco IOS XE Software authentication vulnerabilities CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected device. The vulnerability is due to insufficient authorization checks for requests that are sent to the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious request to an affected device via the REST API. A successful exploit could allow the attacker to selectively bypass authorization checks for the REST API of the affected software and use the API to perform privileged actions on an affected device. Cisco Bug IDs: CSCuz56428. Cisco IOS XE There is an authentication vulnerability in the software. Vendors have confirmed this vulnerability Bug ID CSCuz56428 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. RESTAPI is one of the APIs that support lightweight RESTful web scripts. Attackers can exploit this issue to gain unauthorized access and gain elevated privileges. This may aid in further attacks. REST API is one of the real-time communication APIs
VAR-201803-1612 CVE-2018-0196 Cisco IOS XE Software Input Validation Vulnerability CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to write arbitrary files to the operating system of an affected device. The vulnerability is due to insufficient input validation of HTTP requests that are sent to the web UI of the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of the affected software. A successful exploit could allow the attacker to write arbitrary files to the operating system of an affected device. Cisco Bug IDs: CSCvb22645. Vendors have confirmed this vulnerability Bug ID CSCvb22645 It is released as.Information may be tampered with. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. This may aid in further attacks
VAR-201803-1380 CVE-2018-0161 Cisco IOS Software resource management vulnerability CVSS V2: 6.3
CVSS V3: 6.3
Severity: MEDIUM
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541. Cisco IOS The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Cisco Bug ID : CSCvd89541 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. are all switching devices of Cisco (Cisco). Simple Network Management Protocol (SNMP) subsystem is one of the simple network management subsystems used for network device management information exchange
VAR-201803-1374 CVE-2018-0155 Cisco Catalyst 4500 Series and 4500-X Series switch error handling vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729. Vendors have confirmed this vulnerability Bug ID CSCvc40729 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Both IOS and IOSXESoftware are operating systems developed for Cisco network devices. The vulnerability stems from a program not adequately handling errors. Cisco IOS and IOS XE Software are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a reload of the device, resulting in a denial-of-service condition
VAR-201803-1379 CVE-2018-0160 Cisco IOS Double release vulnerability in software CVSS V2: 6.3
CVSS V3: 6.3
Severity: MEDIUM
A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818. Vendors have confirmed this vulnerability Cisco Bug ID : CSCve75818 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Simple Network Management Protocol (SNMP) subsystem is one of the simple network management subsystems used for network device management information exchange
VAR-201803-1372 CVE-2018-0152 Cisco IOS XE software Vulnerabilities related to authorization, permissions, and access control CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability exists because the affected software does not reset the privilege level for each web UI session. An attacker who has valid credentials for an affected device could exploit this vulnerability by remotely accessing a VTY line to the device. A successful exploit could allow the attacker to access an affected device with the privileges of the user who previously logged in to the web UI. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled and authentication, authorization, and accounting (AAA) authorization is not configured for EXEC sessions. The default state of the HTTP Server feature is version-dependent. This vulnerability was introduced in Cisco IOS XE Software Release 16.1.1. Cisco Bug IDs: CSCvf71769. Vendors have confirmed this vulnerability Bug ID CSCvf71769 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201803-1377 CVE-2018-0158 Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Module Input Validation Vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394. Cisco IOS Software and Cisco IOS XE The software contains input validation vulnerabilities and resource management vulnerabilities. Vendors have confirmed this vulnerability Cisco Bug ID : CSCvf22394 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. InternetKeyExchangeVersion2(IKEv2)module is one of the network key exchange modules. The vulnerability stems from a program failing to properly handle IKEv2 packets
VAR-201803-1373 CVE-2018-0154 Cisco IOS Software resource management vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267. Cisco IOS The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvd39267 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Crypto engine is one of the encryption engines
VAR-201803-2365 No CVE Super User Password Reset Vulnerability in Deep Internet Behavior Management Router CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
IP-COM Deep Internet Behavior Management is a network management device that provides network administrators with functions such as user authentication, web filtering, application control, flow control, content filtering, behavior auditing, and VPN. There is a supervisor password reset vulnerability in the Deep Internet Behavior Management Router. Attackers can use this vulnerability to reset the supervisor password and log in to the console to obtain sensitive information.
VAR-201804-1022 CVE-2018-0194 Cisco IOS XE In software OS Command injection vulnerability CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. Cisco IOS XE The software includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCuz03145 , CSCuz56419 , CSCva31971 ,and CSCvb09542 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may aid in further attacks. CLI parser is one of the command line command parsers
VAR-201803-1389 CVE-2018-0173 Cisco IOS Software and Cisco IOS XE Software input validation vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754. Cisco IOS Software and Cisco IOS XE The software contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg62754 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201803-1381 CVE-2018-0163 Cisco IOS Software authentication vulnerabilities CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x multi-auth port. The vulnerability is due to a logic change error introduced into the code. An attacker could exploit this vulnerability by trying to access an 802.1x multi-auth port after a successful supplicant has authenticated. An exploit could allow the attacker to bypass the 802.1x access controls and obtain access to the network. Cisco Bug IDs: CSCvg69701. Vendors have confirmed this vulnerability Bug ID CSCvg69701 It is released as.Information may be tampered with. This may lead to further attacks
VAR-201803-1376 CVE-2018-0157 Cisco IOS XE Data processing vulnerability in software CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296. Vendors have confirmed this vulnerability Bug ID CSCvf60296 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201803-1387 CVE-2018-0171 Cisco IOS Software and Cisco IOS XE Software buffer error vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Cisco IOS Software and Cisco IOS XE The software contains a buffer error vulnerability and an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg76186 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. As a plug-and-play configuration and image management function, SmartInstall provides zero-configuration deployment for newly-joined switches, auto-initial configuration and operating system image loading, and configuration file backup. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions
VAR-201803-1371 CVE-2018-0151 Cisco IOS Software and Cisco IOS XE software Buffer error vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881. Cisco IOS Software and Cisco IOS XE The software contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf73881 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The qualityofservice (QoS) subsystem is one of the set of network quality of service subsystems. The vulnerability stems from the program failing to perform boundary detection on the values in the packet correctly. Failed attempts will likely result in denial-of-service conditions