VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201805-0493 CVE-2018-0249 Cisco Aironet 1800 Series Access Point Input validation vulnerability CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. A successful exploit could prevent new clients from joining the AP. The vulnerability is due to incorrect handling of malformed or invalid 802.11 Association Requests. An attacker could exploit this vulnerability by sending a malformed stream of 802.11 Association Requests to the local interface of the targeted device. A successful exploit could allow the attacker to cause a DoS situation on an affected system, causing new client 802.11 Association Requests to fail. This vulnerability affects the following Cisco products: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Cisco Bug IDs: CSCvg02116. Vendors have confirmed this vulnerability Bug ID CSCvg02116 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201805-0498 CVE-2018-0262 Cisco Meeting Server Vulnerabilities in environment settings CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. Vendors have confirmed this vulnerability Bug ID CSCvg76469 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions
VAR-201805-0495 CVE-2018-0252 Cisco Wireless LAN Controller Software resource management vulnerability CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222. Vendors have confirmed this vulnerability Bug ID CSCvf89222 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201805-0494 CVE-2018-0250 Cisco Aironet for FlexConnect Access Points of Central Web Authentication Vulnerability in protection mechanism CVSS V2: 2.7
CVSS V3: 4.1
Severity: MEDIUM
A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated, adjacent attacker to bypass a configured FlexConnect access control list (ACL). The vulnerability is due to the AP ignoring the ACL download from the client during authentication. An attacker could exploit this vulnerability by connecting to the targeted device with a vulnerable configuration. A successful exploit could allow the attacker to bypass a configured client FlexConnect ACL. This vulnerability affects the following Cisco products if they are running a vulnerable release of Central Web Authentication with FlexConnect Access Points Software: Aironet 1560 Series Access Points, Aironet 1810 Series OfficeExtend Access Points, Aironet 1810w Series Access Points, Aironet 1815 Series Access Points, Aironet 1830 Series Access Points, Aironet 1850 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: Central Web Authentication with FlexConnect Access Points was an unsupported configuration until 8.5.100.0. Cisco Bug IDs: CSCve17756. Vendors have confirmed this vulnerability Bug ID CSCve17756 It is released as.Information may be tampered with. There are security vulnerabilities in CWAs that use APs in several Cisco products
VAR-201805-0923 CVE-2018-5516 plural F5 Access control vulnerabilities in products CVSS V2: 4.7
CVSS V3: 4.7
Severity: MEDIUM
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed. plural F5 The product contains an access control vulnerability.Information may be obtained. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. TMOSShell (tmsh) is one of the command line tools. There are security vulnerabilities in TMOSShell in several F5 products. An attacker could exploit this vulnerability to obtain objects on the file system. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, version 11.2.1 to version 11.6.3.1; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2 Versions, 11.2.1 to 11.6.3.1; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.2, 11.2.1 to 11.6.3.1; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.2, Version 11.2.1 to Version 11.6.3.1; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1
VAR-201805-0521 CVE-2018-0286 Cisco IOS XR Software resource management vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. Cisco IOS XR The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg95792 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause the denial-of-service conditions
VAR-201805-0518 CVE-2018-0281 Cisco Firepower System Cryptographic vulnerabilities in software CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of a Transport Layer Security (TLS) extension during TLS connection setup for the affected software. An attacker could exploit this vulnerability by sending a crafted TLS connection setup request to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg97808. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg97808 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state
VAR-201805-0519 CVE-2018-0283 Cisco Firepower System Cryptographic vulnerabilities in software CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device, resulting in a brief denial of service (DoS) condition. The vulnerability is due to the incorrect handling of Transport Layer Security (TLS) TCP connection setup for the affected software. An attacker could exploit this vulnerability by sending crafted TLS traffic to an affected device. A successful exploit could allow the attacker to cause the Snort detection engine on the affected device to restart, resulting in a DoS condition. Cisco Bug IDs: CSCvg99327. Cisco Firepower System The software contains cryptographic vulnerabilities. Vendors have confirmed this vulnerability Bug ID CSCvg99327 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The detection engine is one of the intrusion detection engines
VAR-201805-0520 CVE-2018-0285 Cisco Prime Service Catalog Resource management vulnerability CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568. Vendors have confirmed this vulnerability Bug ID CSCvd39568 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources
VAR-201805-0326 CVE-2018-10676 TBK Vision DVR Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. TBK Vision DVR The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CeNova DVR etc. are DVR (hard disk video recorder) devices from different manufacturers. There are security vulnerabilities in several DVR devices. Products from the following manufacturers are affected: CeNova DVR; Night OWL DVR; Novo DVR; Pulnix DVR; QSee DVR; Securus DVR; TBK Vision DVR
VAR-201805-0927 CVE-2018-5520 plural F5 BIG-IP Access control vulnerabilities in products CVSS V2: 3.5
CVSS V3: 4.4
Severity: MEDIUM
On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. plural F5 BIG-IP The product contains an access control vulnerability.Information may be obtained. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. TMOSShell (tmsh) is one of the command line tools. There are security vulnerabilities in TMOSShell in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, version 11.2.1 to version 11.6.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, 11.2.1 to 11.6.3; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions, 11.2.1 to 11.6.3; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11
VAR-201805-0523 CVE-2018-0288 Cisco WebEx Recorder and Player WRF File Length Field Out-Of-Bounds Read Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: LOW
A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WRF Player. An attacker could exploit this vulnerability by utilizing a maliciously crafted file that could bypass checks in the code and enable an attacker to read memory from outside the bounds of the mapped file. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCvh89107, CSCvh89113, CSCvh89132, CSCvh89142. Vendors have confirmed this vulnerability Bug ID CSCvh89107 , CSCvh89113 , CSCvh89132 ,and CSCvh89142 It is released as.Information may be obtained. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of WRF files. Crafted data in a WRF file can trigger a read past the end of a mapped view of a file. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process
VAR-201805-0522 CVE-2018-0287 Cisco WebEx Network Recording Player for Advanced Recording Format Input validation vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to a design flaw in the affected software. An attacker could exploit this vulnerability by sending a user an email attachment or link to a malicious ARF file and persuading the user to open the file or follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvh70213, CSCvh70222, CSCvh70228. Vendors have confirmed this vulnerability Bug ID CSCvh70213 , CSCvh70222 ,and CSCvh70228 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
VAR-201805-0206 CVE-2017-17020 plural D-Link Command injection vulnerability in product firmware CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system. D-Link DCS-5009 , DCS-5010 ,and DCS-5020L The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DCS-5009, DCS-5010 and DCS-5020L are all different types of network camera products from D-Link. Alphapd is one of the web servers. A remote code execution vulnerability exists in D-LinkDCS-5009 with firmware version 1.08.11 and earlier, DCS-5010 with firmware version 1.14.09 and earlier, and alphapd in DCS-5020L with firmware prior to 1.15.01
VAR-201805-0894 CVE-2018-6242 BootROM Recovery Mode Buffer error vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code. BootROM Recovery Mode (RCM) Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegramobileprocessors is a central processing unit from NVIDIA. BootROMRecoveryMode (RCM) is one of the engineering mode components that can modify the data
VAR-201805-0926 CVE-2018-5519 plural F5 BIG-IP Access control vulnerabilities in products CVSS V2: 5.5
CVSS V3: 4.9
Severity: MEDIUM
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended. plural F5 BIG-IP The product contains an access control vulnerability.Information may be tampered with. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker could exploit this vulnerability to write to any file path. An attacker can exploit this issue to access, modify or delete arbitrary files or gain escalated privileges, which may aid in further attacks. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP AAM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, version 11.2.1 to version 11.6.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3, 11.2.1 to 11.6.3; BIG-IP Analytics 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP APM 13.0. 0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP ASM 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions, 11.2.1 to 11.6.3; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3, 11.2.1 to 11.6.3; BIG-IP GTM 13.0.0 to 13.1.0.5, 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP Link Controller Version 13.0.0 to Version 13.1.0.5, Version 12.1.0 to Version 12.1.3, Version 11.2.1 to Version 11.6.3; BIG-IP PEM version 13.0.0 to version 13.1.0.5, 12
VAR-201805-0925 CVE-2018-5518 plural F5 BIG-IP Access control vulnerabilities in products CVSS V2: 2.3
CVSS V3: 5.4
Severity: MEDIUM
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. plural F5 BIG-IP The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP AAM version 13.0.0 to 13.1.0.5, 12.1.0 to version 12.1.3; BIG-IP AFM version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3; BIG-IP Analytics version 13.0.0 to version 13.1.0.5, version 12.1.0 to 12.1 .3 versions; BIG-IP APM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP ASM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 Versions; BIG-IP DNS 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3 ; BIG-IP GTM versions 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP Link Controller 13.0.0 to 13.1.0.5, 12.1.0 to 12.1.3; BIG-IP PEM Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG-IP WebAccelerator Version 13.0.0 through Version 13.1.0.5, Version 12.1.0 through Version 12.1.3; BIG- IP WebSafe version 13.0.0 to version 13.1.0.5, version 12.1.0 to version 12.1.3
VAR-201805-0924 CVE-2018-5517 plural F5 BIG-IP Vulnerability related to input validation in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM version 13.1.0; BIG-IP AAM version 13.1.0; BIG-IP AFM version 13.1.0; BIG-IP Analytics version 13.1.0; BIG-IP APM 13.1. 0 version; BIG-IP ASM version 13.1.0; BIG-IP DNS version 13.1.0; BIG-IP Edge Gateway version 13.1.0; BIG-IP GTM version 13.1.0; BIG-IP Link Controller version 13.1.0; BIG-IP PEM version 13.1.0; BIG-IP WebAccelerator version 13.1.0; BIG-IP WebSafe version 13.1.0
VAR-201805-1019 CVE-2018-9232 T&W WIFI Repeater BE126 Authentication vulnerabilities in devices CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. T&W WIFI Repeater BE126 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GongjinElectronicsT&WWIFIRepeaterBE126 is a wireless Internet repeater from China's Gongjin Electronics. A security vulnerability exists in GongjinElectronicsT&WWIFIRepeaterBE126 that was caused by the upgrade process failing to authenticate the firmware. An attacker could exploit the vulnerability as a newer firmware with maliciously crafted firmware
VAR-201805-0958 CVE-2018-8938 Ipswitch WhatsUp Gold Code injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. Ipswitch WhatsUp Gold Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications