VARIoT IoT vulnerabilities database

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite system files that are stored in the flash memory of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the affected operating system. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command for the affected operating system. A successful exploit could allow the attacker to overwrite or modify arbitrary files that are stored in the flash memory of an affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93335. Vendors have confirmed this vulnerability Bug ID CSCvf93335 It is released as.Information may be tampered with

SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Huawei DP300, RP200, and TE series are integrated desktop telepresence and integrated video conferencing terminal products of China Huawei. The vulnerability was caused by the device failing to adequately verify the message check. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. RP200 is a video conferencing all-in-one device. SCCPX module is one of the signaling link control modules. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, Version V600R006C00

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206. Cisco Spark Contains an access control vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg05206 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoSpark is a suite of collaborative service solutions from Cisco. By providing a virtual space, the program allows teams at any location to work together, talk and video, and discuss topics, store team files and files. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks

KingView 7.5 SP1 is the latest version of Kingview series, which provides strong support for users to improve engineering configuration efficiency and reduce project implementation costs. HistorySvr.exe in KingView 7.5 SP1 has a denial of service vulnerability. The vulnerability is caused by reading a null pointer in the king.dll dynamic link library. Allowing remote attackers to submit socket requests containing special bytes, causing History.exe to crash. When the user closes the main program Touchvew and opens and runs Touchvew again, the history library is prompted: Failed to open the project mapped memory area. The vulnerability also exists in Kingview 6.6 SP2

Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie. Promise Technology WebPam Pro-E The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PromiseTechnologyWebPamPro-Edevices is a data center device from PromiseTechnology. A security vulnerability exists in the PromiseTechnologyWebPamPro-E device due to a failure to filter parameters by PHPSESSIDcookie

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656. Vendors have confirmed this vulnerability Bug ID CSCve17656 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, the attacker must provide a valid username. The vulnerability is due to incorrect RADIUS user credential validation. An attacker could exploit this vulnerability by attempting to access a Cisco Policy Suite domain configured with RADIUS authentication. An exploit could allow the attacker to be authorized as a subscriber without providing a valid password. This vulnerability affects the Cisco Policy Suite application running a release prior to 13.1.0 with Hotfix Patch 1 when RADIUS authentication is configured for a domain. Cisco Policy Suite Release 14.0.0 is also affected, as it includes vulnerable code, but RADIUS authentication is not officially supported in Cisco Policy Suite Releases 14.0.0 and later. Cisco Bug IDs: CSCvg40124. Vendors have confirmed this vulnerability Bug ID CSCvg40124 It is released as.Information may be obtained and information may be altered. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. This solution provides functions such as user-based business rules, real-time management of applications and network resources. RADIUS authentication module is one of the RADIUS protocol authentication modules

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810. Vendors have confirmed this vulnerability Bug ID CSCvg74810 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825. Vendors have confirmed this vulnerability Bug ID CSCve70825 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker send specially crafted Session Initiation Protocol (SIP) messages to the affected products. Due to insufficient input validation, successful exploit will cause some services abnormal. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. SIP (SessionInitiationProtocol) is one of the session initiation protocol modules. The SIP (SessionInitiationProtocol) module in several Huawei products has a border-bound read vulnerability, which is caused by the program not fully verifying the value in the message. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V500R002C00 version, V600R006C00 version

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. Vendors have confirmed this vulnerability Bug ID CSCvg39759 and CSCvg42295 It is released as.Information may be obtained. Spamquarantine is one of the spam isolation components. Multiple Cisco Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946. Cisco Firepower System Software Contains a vulnerability related to failure of the protection mechanism. Vendors have confirmed this vulnerability Bug ID CSCve26946 It is released as.Information may be tampered with. Detectionengine is one of the intrusion detection engines. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592. Vendors have confirmed this vulnerability Bug ID CSCvh66592 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have a resource management error vulnerability. A remote attacker may send huge number of specially crafted SIP messages to the affected products. Due to improper handling of some value in the messages, successful exploit will cause some services abnormal. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei DP300 and other products are all products of China Huawei. The DP300 is a video conferencing terminal. The RP200 is a video conferencing machine. SIP (SessionInitiationProtocol) is one of the session initiation protocol modules. The vulnerability stems from the failure of the program to correctly process the value in the message. The following products and versions are affected: Huawei DP300 V500R002C00 Version; RP200 V500R002C00 Version, V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C01 Version, V100R001C10 Version, V500R002C00 version, V600R006C00 version

A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to the absence of user authentication requirements for certain pages that are part of the web interface and contain confidential information for an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device and examining the HTTP response to the request. A successful exploit could allow the attacker to view configuration parameters, including the administrator password, for the affected device. Cisco Bug IDs: CSCvg92739, CSCvh60172. Vendors have confirmed this vulnerability Bug ID CSCvg92739 and CSCvh60172 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco RV132WADSL2+Wireless-NVPN and RV134WVDSL2Wireless-ACVPNRouters are routers of Cisco Systems of the United States. Webinterface is one of the web interfaces. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718. Cisco IOS XR Software Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCus84718 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOSXR Software is a fully modular, distributed network operating system from Cisco's IOS software family, including IOST, IOSS, and IOSXR. Attackers can exploit this issue to cause the denial-of-service conditions

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644. Vendors have confirmed this vulnerability Bug ID CSCvf17644 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02082. Vendors have confirmed this vulnerability Bug ID CSCvh02082 It is released as.Information may be obtained and information may be altered. Other attacks are also possible

A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152. Cisco Prime Network Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg48152 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvh02088. Vendors have confirmed this vulnerability Bug ID CSCvh02088 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks