VARIoT IoT vulnerabilities database

VAR-201807-1000 CVE-2018-0345 Cisco SD-WAN Solution Input validation vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937. Cisco SD-WAN Solution contains an input validation vulnerability. The vendor has released this vulnerability as Bug ID CSCvi69937. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco SD-WAN is prone to a remote code-execution vulnerability. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it.
VAR-201809-0641 CVE-2018-0644 Multiple vulnerabilities in ORCA(Online Receipt Computer Advantage) CVSS V2: 4.0
CVSS V3: 6.5
Severity: Medium
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows authenticated attackers to cause a denial-of-service (DoS) condition via unspecified vectors.
* OS command injection (CWE-78) - CVE-2018-0643
* Buffer overflow (CWE-119) - CVE-2018-0644
All participants of IoT x Security Hackathon 2016 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The possible impact of each vulnerability is as follows:
* A user with access to the network that is connected to the affected product may execute an arbitrary command on the product - CVE-2018-0643
* If a user opens a specially crafted file while logged into the affected product, that may result in a denial-of-service (DoS) condition - CVE-2018-0644
The software supports functions such as electronic medical record management and collaboration software extensions. A buffer overflow vulnerability exists in ORCA, which can be exploited by an attacker to cause a denial of service.
VAR-201807-1004 CVE-2018-0349 Cisco SD-WAN Solution Input validation vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856. The vendor has released this vulnerability as Bug ID CSCvi69852 and CSCvi69856. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco vBond Orchestrator Software and others are products of Cisco. Cisco vBond Orchestrator Software is a set of secure network extension management software. The vEdge 100 Series Routers is a 100 Series router product. SD-WAN Solution is a set of network expansion solutions running in it. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application.
VAR-201807-0423 CVE-2018-0375 Cisco Policy Suite Vulnerabilities related to the use of hard-coded credentials CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability in the Cluster Manager of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to log in to an affected system using the root account, which has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the root account. An attacker could exploit this vulnerability by using the account to log in to an affected system. An exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. Cisco Bug IDs: CSCvh02680. Cisco Policy Suite contains a vulnerability in the use of hard-coded credentials. The vendor has released this vulnerability as Cisco Bug ID CSCvh02680. Information may be obtained or altered, and service operation may be disrupted (DoS). Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. Cluster Manager is one of the cluster managers.
VAR-201807-0438 CVE-2018-0399 Cisco Finesse Vulnerabilities related to certificate and password management CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. The vendor has released this vulnerability as Bug ID CSCvg71044. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Finesse is prone to a server-side request forgery vulnerability and an information-disclosure vulnerability. A successful exploit may allow an attacker to obtain sensitive information, perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The software improves call center service quality, improves customer experience, and increases agent satisfaction. The vulnerability stems from the fact that the program pre-fills the Password field of the login form with a password previously stored in the internal database.
VAR-201807-2071 CVE-2018-8011 Apache HTTP Server In NULL Pointer dereference vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33). The server is fast, reliable and extensible through a simple API.
[slackware-security] httpd (SSA:2018-199-01)
New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/httpd-2.4.34-i586-1_slack14.2.txz: Upgraded. This update fixes two denial of service issues:
mod_md: DoS via Coredumps on specially crafted requests
mod_http2: DoS for HTTP/2 connections by specially crafted requests
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333
(* Security fix *)
Installation instructions: upgrade the package as root:
# upgradepkg httpd-2.4.34-i586-1_slack14.2.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
VAR-201807-1001 CVE-2018-0346 Cisco SD-WAN Solution Buffer error vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values in packets that are sent to the Zero Touch Provisioning service of the affected software. An attacker could exploit this vulnerability by sending malicious packets to the affected software for processing. When the software processes the packets, a buffer overflow condition could occur and cause an affected device to reload. A successful exploit could allow the attacker to cause a temporary DoS condition while the device reloads. This vulnerability can be exploited only by traffic that is destined for an affected device. It cannot be exploited by traffic that is transiting a device. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69914. Cisco SD-WAN Solution contains a buffer error vulnerability. The vendor has released this vulnerability as Bug ID CSCvi69914. Service operation may be disrupted (DoS). Cisco SD-WAN is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Smart Controller Software is a set of intelligent network control software. SD-WAN Solution is a set of network expansion solutions running in it.
VAR-201807-0431 CVE-2018-0387 Cisco Webex Teams Input validation vulnerability CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. The vendor has released this vulnerability as Bug ID CSCvh66250. Information may be obtained or altered, and service operation may be disrupted (DoS). The program includes features such as video conferencing, group messaging and file sharing.
VAR-201807-2140 CVE-2018-6677 McAfee Web Gateway Path traversal vulnerability CVSS V2: 9.0
CVSS V3: 9.1
Severity: CRITICAL
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors. McAfee Web Gateway (MWG) contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). McAfee Web Gateway (MWG) is a security gateway product from McAfee. This product provides features such as threat protection, application control, and data loss prevention. A directory traversal vulnerability exists in the administrative user interface in the McAfee MWG 7.8.1.x release. An attacker could exploit the vulnerability to gain elevated privileges. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability.
VAR-201807-0205 CVE-2017-1575 IBM Sterling B2B Integrator Standard Edition Vulnerabilities in the use of cryptographic algorithms CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032. The vendor has released this vulnerability as IBM X-Force ID: 132032. Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. The vulnerability is caused by the program using a weak cryptographic algorithm.
VAR-201807-2141 CVE-2018-6678 McAfee Web Gateway MWG Command injection vulnerability CVSS V2: 6.5
CVSS V3: 9.1
Severity: CRITICAL
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors. McAfee Web Gateway is prone to a privilege-escalation vulnerability and a remote code-execution vulnerability. Attackers can leverage these issues to gain elevated privileges or execute arbitrary commands within the context of the affected application. The product provides features such as threat protection, application control, and data loss prevention. The management interface in McAfee MWG 7.8.1.x version has a security vulnerability. An attacker could exploit this vulnerability to execute arbitrary code
VAR-201807-0805 CVE-2018-13859 MusicCenter / Trivum Multiroom Setup tool C4 Professional Access control vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). MusicCenter / Trivum Multiroom Setup tool C4 Professional contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players). A remote attacker could exploit this vulnerability to reset authentication without authorization by sending a '?id=0&attr=protectAccess&newValue=0' GET request.
VAR-201807-0808 CVE-2018-13862 Touchpad / Trivum WebTouch Setup V9 Access control vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization). Touchpad / Trivum WebTouch Setup V9 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Touchpad/Trivum WebTouch Setup is a tool for installing and setting up a touch screen control device for a streaming media source (music player). There is a security vulnerability in Touchpad/Trivum WebTouch Setup V9 2.53 build 13163.
VAR-201807-0806 CVE-2018-13860 MusicCenter / Trivum Multiroom Setup tool C4 Professional Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=_0" or "?oid=systemUsers&id=_0" GET request. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players)
VAR-201807-0189 CVE-2017-1544 IBM Sterling B2B Integrator Standard Edition Vulnerabilities related to certificate and password management CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. The vendor has released this vulnerability as IBM X-Force ID: 130812. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.
VAR-201807-0804 CVE-2018-13858 MusicCenter / Trivum Multiroom Setup tool C4 Professional Access control vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. MusicCenter / Trivum Multiroom Setup tool C4 Professional contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players). A remote attacker can use the '/xml/system/control.xml' URL to exploit this vulnerability to cause the device to reboot or execute arbitrary code.
VAR-201807-0807 CVE-2018-13861 Touchpad / Trivum WebTouch Setup V9 Access control vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example. Touchpad / Trivum WebTouch Setup V9 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Touchpad/Trivum WebTouch Setup is a tool for installing and setting up a touch screen control device for a streaming media source (music player). There is a security vulnerability in Touchpad/Trivum WebTouch Setup V9 2.53 build 13163. A remote attacker can use the '/xml/system/control.xml' URL to exploit this vulnerability to cause the device to reboot or execute arbitrary code on the system.
VAR-201807-1326 CVE-2018-1470 IBM Sterling File Gateway Vulnerable to information disclosure CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688. The vendor has released this vulnerability as IBM X-Force ID: 140688. Information may be obtained. An attacker can exploit these issues to gain access to sensitive information. Information obtained may aid in other attacks. IBM Sterling B2B Integrator is a set of software integrated with important B2B processes, transactions and relationships from IBM Corporation of the United States. The software supports secure integration of complex B2B processes with diverse partner communities.
VAR-201807-0366 CVE-2018-14064 VelotiSmart WiFi Path traversal vulnerability in camera devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. VelotiSmart WiFi B-380 camera is a network camera device. uc-http service is one of the HTTP service components. Attackers can exploit this vulnerability to obtain device configuration, wireless scan network and sensitive directory information
VAR-201807-2292 No CVE (0Day) Advantech WebAccess HMI Designer PM3 File Parsing Double Free Remote Code Execution Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.