VARIoT IoT vulnerabilities database
VAR-201702-0808 | CVE-2017-3841 | Cisco Secure Access Control System of Web Vulnerabilities that expose important information in the interface |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5).
Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks.
This issue is tracked by Cisco Bug ID CSCvc04854. The system can respectively control network access and network device access through RADIUS and TACACS protocols
VAR-201702-0810 | CVE-2017-3843 | Cisco Prime Collaboration Assurance System file download function vulnerable to downloading system files |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0).
An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks.
This issue being tracked by Cisco Bug ID CSCvc99446. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites
VAR-201702-0813 | CVE-2017-3847 | Cisco Firepower Management Center of Web Cross-site scripting vulnerability in the framework |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1. Vendors have confirmed this vulnerability Bug ID CSCvc72741 It is released as.Of the affected system by a remote attacker.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvc72741
VAR-201702-0437 | CVE-2016-5919 | IBM Security Access Manager Vulnerability in decrypting important information |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing
VAR-201702-0801 | CVE-2017-3801 | Cisco UCS Director of Web Base of GUI Vulnerable to elevation of privilege |
CVSS V2: 4.6 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765.
An attacker can leverage this issue to gain elevated privileges. This may aid in further attacks.
Cisco UCS Director versions 6.0.0.0 and 6.0.0.1 are vulnerable. The solution supports users to manage computing power, network services, storage, and virtual machines from a single management console to deploy and release IT services more quickly and at low cost. A local attacker could exploit this vulnerability to perform arbitrary operations
VAR-201807-0128 | CVE-2016-9496 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201807-0127 | CVE-2016-9495 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201807-0126 | CVE-2016-9494 | Hughes satellite modems contain multiple vulnerabilities |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities:
1. Multiple denial-of-service vulnerabilities
2. A hard-coded credentials vulnerability
3. An authentication bypass vulnerability
An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible.
The following products are vulnerable:
HN7740S
DW7000
HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. An attacker could exploit this vulnerability by sending a specially crafted GET request to cause a denial of service. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34
VAR-201705-3256 | CVE-2017-5174 |
Geutebruck IP Camera G-Cam/EFD-2250 Access control vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution. Geutebruck IP Camera G-Cam/EFD-2250 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. An attacker exploited the vulnerability to gain unauthorized access to the affected device environment. Failed exploit attempts may result in a denial-of-service condition.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is germany Geutebruck A network camera of the company
VAR-201705-3255 | CVE-2017-5173 |
Geutebruck G-Cam/EFD-2250 Remote code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201702-0193 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. The Geutebruck G-Cam/EFD-2250 provides a faster and safer solution for remote monitoring applications. A remote code execution vulnerability exists in Geutebruck G-Cam/EFD-2250. An attacker exploited the vulnerability to execute arbitrary code. A failed attack can result in a denial of service.
Attackers may exploit these issues to gain unauthorized access to the affected device and to execute arbitrary code within the context of the affected device.
G-Cam/EFD-2250 1.11.0.12 is vulnerable; other versions may also be affected. Geutebruck IP Camera G-Cam/EFD-2250 is a network camera produced by German Geutebruck company
VAR-201702-1128 | No CVE | SAP NetWeaver Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP NetWeaver is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201702-0669 | CVE-2017-2684 | Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication |
CVSS V2: 6.8 CVSS V3: 9.0 Severity: CRITICAL |
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG.
There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT
VAR-201705-4094 | CVE-2017-8913 | SAP NetWeaver AS JAVA of Visual Composer VC70RUNTIME In the component XML External entity attack vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. SAP Netweaver Visual Composer is prone to an information disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
VAR-201702-1124 | No CVE | SAP Netweaver Remote Authorization Bypass Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
SAP Netweaver is prone to an authorization-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks.
VAR-201805-0169 | CVE-2017-5175 | Advantech WebAccess DLL Hijacking vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A DLL hijacking vulnerability exists in Advantech WebAccess 8.1 and earlier. Advantech WebAccess is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input.
Advantech WebAccess 8.1 and prior are vulnerable
VAR-201704-0652 | CVE-2017-5670 | Riverbed RiOS Vulnerability in which important information is obtained |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks. RiverbedSteelhead is a hardware device used to optimize and accelerate network traffic. Implemented as a TLS endpoint, they have a secure library that stores the server's private TLS certificate. There is a local security bypass vulnerability in RiverbedRiOS. The attacker exploited the vulnerability to bypass some security restrictions and perform unauthorized operations
VAR-201702-0887 | CVE-2017-2374 | Apple GarageBand and Logic Pro X Update for vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple From GarageBand and Logic Pro X An update for has been released.Crafted GarageBand An arbitrary code may be executed by opening the project file. Apple GarageBand is prone to a memory-corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is a set of music production software from Apple (Apple). A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
GarageBand may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYrImXAAoJEIOj74w0bLRGyr0QAILapV0W5UfNAcFn8FeZIXKw
H10/c+doJ41Y3QQH+4qo+Y0eMVlKLc8zkQk0Ocz+e3RYtScFCELVysX037qczPuW
Znr9lvycMgpuYfIosWmde+1FF7nvSiN7RvAVRMBN4OIOmFT82h+vFxZf2Zeka4JL
Ali8kh6uK3W3A8kNJiO0sM/r0G8nRf6OvgtH5YL9gjBc9e6J1m4upx4KEMPRlaiY
Ykn7Y03gYk11LwTlB1Q5f+b88VTMtItPLadal3ICQONXGGBu6GyvjOLQVAxVvggn
K4pgPRSDh/YvRlCcXl319sJigg+0Fa6gFk/NHcMI4YzOhxWHNUWDzrG721aJCRer
6YWcD6LgHsJODi8yp4yuJ3DbESh3WFiWS4ATVJThOuW8hATGhukbPHvwcoPaM3rN
5MLhImi9QpT2rE92DpQ5X0m/KzLdhOrgk3CnyR1aKmP2L2qD4ZbKlwdMwIKByxlW
ypcv+C9BP31KcPLbLhsQGOuNb4NGeTbKv/yQvHB3KeN/w750WtMamT2CE8sFkPnu
+X5wQk6pZi6e4Xc5nQbLkIHEPtZNo4O8qUoPPmaTsK6lwcvB1C5/09Zcfc3pOBy7
+Cp+6dimx/nbCcK4dW8QzIZIEd88hXhk9I441lBUGE4AMXU6l5npV/DaZTZOj6Ga
b9ZTShls177KyTLSw0CW
=gmwM
-----END PGP SIGNATURE-----
VAR-201702-1107 | No CVE | There is a command execution vulnerability in the Rico Virtual VPN Gateway |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The virtual VPN gateway is a virtual gateway device of Ruike Electronic Technology Co., Ltd. There is a command execution vulnerability in the Rico Virtual VPN Gateway that allows an attacker to exploit arbitrary commands or reveal sensitive information.
VAR-201702-0190 | CVE-2016-7762 | Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. Webkit Contains a cross-site scripting vulnerability.Safari May be subjected to a cross-site scripting attack.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome
VAR-201702-0189 | CVE-2016-7761 | Apple macOS of WiFi Vulnerabilities in which important network configuration information is obtained in components |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. Apple macOS is prone to a local information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. WiFi is one of the wireless connectivity components