VARIoT IoT vulnerabilities database


VAR-201804-0995 CVE-2018-0241 Cisco IOS XR Software resource management vulnerability
CVSS V2: 6.1
CVSS V3: 7.4
Severity: HIGH
A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. This vulnerability affects all Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software when at least one IPv4 helper address is configured on an interface of the device. Cisco Bug IDs: CSCvi35625. The vendor has published this vulnerability as Bug ID CSCvi35625. A denial-of-service (DoS) condition may result. Attackers can exploit this issue to cause denial-of-service conditions.
VAR-201804-1002 CVE-2018-0256 Cisco Packet Data Network Gateway input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow the attacker to cause the SESSMGR process on the affected device to restart unexpectedly, which could briefly impact traffic while the SESSMGR process restarts and result in a DoS condition. Cisco Bug IDs: CSCvg88786. The vendor has published this vulnerability as Bug ID CSCvg88786. A denial-of-service (DoS) condition may result.
VAR-201804-1019 CVE-2018-0273 Cisco StarOS resource management vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605. Cisco StarOS contains a resource management vulnerability. The vendor has published this vulnerability as Bug ID CSCve29605. A denial-of-service (DoS) condition may result. Virtualized Packet Core (VPC) System Software is a commercial version of the StarOS software deployed on a dedicated hardware platform. StarOS is the operating system used in it. IPsec Manager is an IPsec manager component within it.
VAR-201804-1020 CVE-2018-0275 Cisco Identity Services Engine vulnerability related to environment settings
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409. The vendor has published this vulnerability as Bug ID CSCvf54409. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
VAR-201804-1018 CVE-2018-0272 Cisco Firepower System Software resource management vulnerability
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper error handling while processing SSL traffic. An attacker could exploit this vulnerability by sending a large volume of crafted SSL traffic to the vulnerable device. A successful exploit could allow the attacker to degrade the device performance by triggering a persistent high CPU utilization condition. Cisco Bug IDs: CSCvh89340. Cisco Firepower System Software contains a resource management vulnerability. The vendor has published this vulnerability as Bug ID CSCvh89340. A denial-of-service (DoS) condition may result. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive CPU memory consumption. The Secure Sockets Layer (SSL) Engine is one of its SSL protocol engines.
VAR-201804-1007 CVE-2018-0267 Cisco Unified Communications Manager information disclosure vulnerability
CVSS V2: 2.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116. The vendor has published this vulnerability as Bug ID CSCvf22116. Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201804-1006 CVE-2018-0266 Cisco Unified Communications Manager information disclosure vulnerability
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218. The vendor has published this vulnerability as Bug ID CSCvf20218. Information may be obtained. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201804-1335 CVE-2018-7759 Multiple Schneider Electric products buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. The buffer overflow vulnerability is caused by specifying the length of the source string (instead of the buffer size) as the number of bytes to be copied. Multiple Schneider Electric products contain a buffer error vulnerability. A denial-of-service (DoS) condition may result. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. A remote attacker could exploit the vulnerability by sending a specially crafted request to cause a denial of service (crash).
VAR-201804-1334 CVE-2018-7758 Multiple Schneider Electric products session expiration vulnerability
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated, which could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCP/IP session is still open with identical IP address and port number. Multiple Schneider Electric products contain a session expiration vulnerability. A denial-of-service (DoS) condition may result. Schneider Electric MiCOM Px4x, MiCOM P540D Range and MiCOM Px4x Rejuvenated are relay products from Schneider Electric, France. Attackers can exploit this vulnerability to disable network communication for users. The following products and versions are affected: Schneider Electric MiCOM P14x version 46, all D6 versions except MiCOM P44x D6(E), MiCOM P64x, MiCOM P849 (MiCOM Px4x); MiCOM P445 version 35, version 36, version 37, version E0, F0* version, F1 version, F2 version, MiCOM P443 Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, P446 Version 54, Version 55, Version 57, Version B0, Version D0*, Version D1, Version D2, MiCOM P543 to P546 44 Version, Version 54, Version 45, Version 55, Version 47, Version 57, Version A0, Version B0, Version C0*, Version DO*, Version D1, Version D2, MiCOM P841A Version 44, Version 45, Version 47, Version A0, C0(*) version, C1 version, C2 version, MiCOM P841B 54 version, 55 version, 57 version, B0 version, D0*) version, D1 version, D2 (MiCOM P540D Range); MiCOM P443 H4 version, MiCOM P445 H4 version, MiCOM P446 H4 version, MiCOM All P54x H4 version, MiCOM P841A H4 version, MiCOM P841B H4 version, other versions except MiCOM P14x B2(B), MiCOM P44x, MiCOM P64x, MiCOM P746, MiCOM P849 (MiCOM Px4x Rejuvenated).
VAR-201804-0880 CVE-2018-10110 D-Link DIR-615 device cross-site scripting vulnerability

Related entries in the VARIoT exploits database: VAR-E-201804-0244
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
D-Link DIR-615 T1 devices allow XSS via the Add User feature. The D-Link DIR-615 device contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. D-Link DIR-615 is a small wireless router product of D-Link. There is a cross-site scripting vulnerability in the D-Link DIR-615 T1 version. The vulnerability is caused by the program not correctly validating the input submitted by the user. Remote attackers can exploit this vulnerability to inject malicious scripts into web pages through the Add User function.
VAR-201804-1337 CVE-2018-7761 Multiple Schneider Electric products input validation vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution. Multiple Schneider Electric products contain an input validation vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. The HTTP request parser is one of their HTTP request parsing components. A remote attacker can exploit this vulnerability to execute arbitrary code.
VAR-201804-1338 CVE-2018-7762 Multiple Schneider Electric products buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could result in a buffer overflow. Multiple Schneider Electric products contain a buffer error vulnerability. A denial-of-service (DoS) condition may result. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. An attacker could exploit the vulnerability to cause a denial of service (crash).
VAR-201804-1336 CVE-2018-7760 Multiple Schneider Electric products authentication vulnerabilities
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization. Multiple Schneider Electric products contain authentication vulnerabilities. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Schneider Electric Modicon M340 and others are programmable logic controller products from Schneider Electric, France. Security vulnerabilities exist in several Schneider Electric products. A remote attacker could exploit the vulnerability to execute arbitrary code by sending a specially crafted request.
VAR-201804-1021 CVE-2018-0276 Cisco WebEx Connect IM cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi07812. The vendor has published this vulnerability as Bug ID CSCvi07812. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Connect is a client software developed by Cisco, which has the functions of instant messaging, IP telephony, voice, video and web conferencing. IM is one of the instant messaging components.
VAR-201804-1015 CVE-2018-0237 Cisco Advanced Malware Protection for Endpoints input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection (AMP) for Endpoints macOS Connector could allow an unauthenticated, remote attacker to bypass malware detection. The vulnerability occurs because the software relies on only the file extension for detecting DMG files. An attacker could exploit this vulnerability by sending a DMG file with a nonstandard extension to a device that is running an affected AMP for Endpoints macOS Connector. An exploit could allow the attacker to bypass configured malware detection. Cisco Bug IDs: CSCve34034. The vendor has published this vulnerability as Bug ID CSCve34034. Information may be tampered with. This may aid in further attacks.
VAR-201804-1008 CVE-2018-0269 Cisco Digital Network Architecture Center information disclosure vulnerability
CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208. The vendor has published this vulnerability as Bug ID CSCvh99208. Information may be obtained. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. The solution scales and protects devices, applications, and more within the network.
VAR-201804-1005 CVE-2018-0260 Cisco MATE Live input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272. The vendor has published this vulnerability as Bug ID CSCvh31272. Information may be obtained. This may aid in further attacks. The solution enables navigation and in-depth network analysis of current and historical data to make critical business and technology decisions.
VAR-201804-1004 CVE-2018-0259 Cisco MATE Collector cross-site request forgery vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222. The vendor has published this vulnerability as Bug ID CSCvh31222. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Other attacks are also possible.
VAR-201804-0963 CVE-2018-1000163 Floodlight cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploitable via the victim browsing the web console. Floodlight contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.
VAR-201805-1150 CVE-2018-7522 Schneider Electric Triconex Tricon MP model 3008 firmware buffer error vulnerability
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. Schneider Electric Triconex Tricon MP model 3008 firmware contains buffer error vulnerabilities and authorization / privilege / access control vulnerabilities. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. The Triconex Tricon 3008 is a network equipment product from Schneider Electric, France. There are unauthorized operation vulnerabilities in Schneider Electric Triconex Tricon. Schneider Electric Triconex Tricon 3008 MP is prone to multiple memory corruption vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected device. Failed exploit attempts may result in a denial-of-service condition. Triconex Tricon 3008 MP Firmware versions 10.0 through 10.4 are vulnerable.