VARIoT IoT vulnerabilities database

CoDeSys is a powerful PLC software programming tool that supports IEC61131-3 standard IL, ST, FBD, LD, CFC, SFC six PLC programming languages. There are multiple authentication bypass vulnerabilities in CODESYS Runtime plclinux_rt. An attacker can use these issues to bypass the authentication mechanism and perform unauthorized operations. This can lead to further attacks

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. Huawei UMA is a set of IT core resource operation and maintenance management and security audit platform of China Huawei (Huawei). Through the centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet the needs of users for IT operation and maintenance management and IT internal control and external audit

A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. Reliance is a professional SCADA/HMI system designed for visualization and control of industrial processes as well as building and home automation. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. D-Link DIR-605L Model B The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. D-LinkDIR-605LModelB is a wireless device from D-Link. A denial of service vulnerability exists in versions prior to D-LinkDIR-605LModelBFW2.11betaB06_hbrf

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C

Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device. plural Huawei The product contains a certificate validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR3200 is a new generation network product launched by China's Huawei company. HuaweiTE40/50/60 is a high-definition video conferencing terminal that supports 1080p60. The Huawei AR3200 and others are all products of China's Huawei (Huawei). The Huawei AR3200 is an AR3200 series enterprise router. The vulnerability is caused by the fact that the program does not have the correct encrypted X.509 certificate. The following products and versions are affected: Huawei AR3200 V200R008C20, V200R008C30; TE40 V600R006C00; TE50 V600R006C00; TE60 V600R006C00

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have a memory leak vulnerability in H323 protocol. The vulnerability is due to insufficient verification of the packets. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets. A successful exploit could cause a memory leak and eventual denial of service (DoS) condition on an affected device. plural Huawei The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices or small and medium-sized enterprises. Huawei's SVN series products are Huawei's secure access gateway products; NIP6300/6600 series products and SecospaceUSG series. Huawei is a new generation of professional intrusion prevention and firewall products for customers such as enterprises, IDCs, campus networks and operators. The TE series is a high definition video conferencing terminal that supports 1080p60. The vulnerability was caused by the program failing to fully verify the message. Huawei AR120-S and others are all routers of China Huawei (Huawei). H323 protocol is one of the audio and video protocols. The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version, V200R008C30 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version, V200R008C30 Version; AR1200-S V200R006C10 Version , V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30-S; AR15

Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker may send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. plural Huawei The product contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR and SRG series enterprise routers are Huawei's all-in-one routers for small and medium-sized offices or small and medium-sized enterprises. Huawei's SVN series products are Huawei's secure access gateway products; NIP6300/6600 series products and SecospaceUSG series. Huawei is a new generation of professional intrusion prevention and firewall products for customers such as enterprises, IDCs, campus networks and operators. The TE series is a high definition video conferencing terminal that supports 1080p60. A cross-border read vulnerability exists in the H323 protocol of several Huawei products. The vulnerability is caused by the program failing to fully verify the message. The attacker restarts the process by sending a specially constructed packet. Huawei AR120-S and others are all router products of China Huawei (Huawei). There are security vulnerabilities in several Huawei products. A remote attacker could exploit this vulnerability to cause a denial of service (out-of-bounds read and process restart). The following products and versions are affected: Huawei AR120-S V200R006C10 Version, V200R007C00 Version, V200R008C20 Version, V200R008C30 Version; AR1200 V200R006C10 Version, V200R006C13 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version, V200R008C30 Version; AR1200-S V200R006C10 Version , V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30-S; AR15

Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; EVA-L09C432B210; EVA-L09C440B138; EVA-L09C464B150; EVA-L09C530B127; EVA-L09C55B190; EVA-L09C576B150; EVA-L09C635B221; EVA-L09C636B193; EVA-L09C675B130; EVA-L09C688B143; EVA-L09C703B160; EVA-L09C706B145; EVA-L09GBRC555B171; EVA-L09IRLC368B160; EVA-L19C10B190; EVA-L19C185B220; EVA-L19C20B160; EVA-L19C432B210; EVA-L19C636B190; EVA-L29C20B160; EVA-L29C636B191; EVA-TL00C01B198; VIE-L09C02B131; VIE-L09C109B181; VIE-L09C113B170; VIE-L09C150B170; VIE-L09C25B120; VIE-L09C40B181; VIE-L09C432B181; VIE-L09C55B170; VIE-L09C605B131; VIE-L09ITAC555B130; VIE-L29C10B170; VIE-L29C185B181; VIE-L29C605B131; VIE-L29C636B202 have a denial of service (DoS) vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation can cause camera application unusable. plural Huawei Smartphone software contains a vulnerability related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. The HuaweiEVA series and the VIE series are all smartphone products of China Huawei. The following products and versions are affected: Huawei EVA-AL10 EVA-AL10C00B198 version; EVA-CL00 EVA-CL00C92B198 version; EVA-DL00 EVA-DL00C17B198 version; EVA-L09 EVA-L09C02B143 version, EVA-L09C09B150 version, EVA-L09C113B150 Version, EVA-L09C150B192 Version, EVA-L09C178B161 Version, EVA-L09C185B180 Version, EVA-L09C22B140 Version, EVA-L09C25B133 Version, EVA-L09C33B191 Version, EVA-L09C34B142 Version, EVA-L09C40B196 Version, EVA-L09C432B210 Version, EVA-L09C440B138 Version, EVA-L09C464B150 Version, EVA-L09C530B127 Version, EVA-L09C55B190 Version, EVA-L09C576B150 Version, EVA-L09C635B221 Version, EVA-L09C636B193 Version, EVA-L09C675B130 Version, EVA-L09C688B143 Version, EVA-L09C703B160 Version, EVA-L09C706B145 Version, EVA-L09GBRC555B171 Version, EVA-L09IRLC368B160 Version; EVA-L19 EVA-L19C10B190 Version, EVA-L19C185B220 Version, EVA-L19C20B160 Version, EVA-L19C432B210 Version, EVA-L19C636B190 Version; EVA-L29 EVA-L29C20B160 Version , EVA-L29C636B191 version; EVA-TL00 EVA-TL00C01B198 version; VIE-L09..

Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot. The Huawei AR3200 series enterprise router is a new generation network product launched by Huawei. The attacker successfully sends the vulnerability to the system by sending a special SCTP packet to the device. The following versions are affected: Huawei AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, and V230R008C

Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. are the intrusion prevention and intrusion detection products of China Huawei (Huawei). There are security vulnerabilities in several Huawei products. The vulnerability is caused by the program not fully verifying the parameters in the message. The following products and versions are affected: Huawei IPS Module V500R001C00 Version; NGFW Module V500R001C00 Version; NIP6300 V500R001C00 Version; NIP6600 V500R001C00 Version; Secospace USG6300 V500R001C00 Version; Secospace USG6500 V500R001C00 Version; USG9500 V500R001C00 Version

Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash. HuaweiMate9Pro is a smartphone product from China's Huawei company. HuaweiMate9Pro has a memory corruption vulnerability. Huawei Mate 9 Pro is China's Huawei ( Huawei ) company's smartphone

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. Huawei FusionSphere OpenStack Contains an information disclosure vulnerability.Information may be obtained. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. Lenovo XClarity Administrator (LXCA) Contains an information disclosure vulnerability.Information may be obtained. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. A security vulnerability exists in versions prior to LXCA 1.4.0

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173. Vendors have confirmed this vulnerability Bug ID CSCve99925 , CSCvf15164 , CSCvf15167 , CSCvf15170 ,and CSCvf15173 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. The CLI is one of the command line programs

A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843. Vendors have confirmed this vulnerability Bug ID CSCvf63843 It is released as.Information may be tampered with. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. The product invites others to join the meeting via email or instant messaging (IM), enabling online product demonstrations, information sharing, and more

A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590. Cisco IP Phone 8800 Series devices contain an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc62590 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. SessionInitiationProtocol (SIP) is a session initiation protocol used in it. A remote attacker may exploit this issue to cause a denial-of-service condition; denying service to legitimate users

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco FXOS or NX-OS System Software: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51700, CSCve93833, CSCve93860, CSCve93863, CSCve93864, CSCve93880. Vendors have confirmed this vulnerability Bug ID CSCve51700 , CSCve93833 , CSCve93860 , CSCve93863 , CSCve93864 ,and CSCve93880 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Firepower 4100 Series Next-GenerationFirewall and so on are products of Cisco. The Cisco Firepower 4100 Series Next-Generation Firewall is a firewall device. MultilayerDirectorSwitches is a switch product. FirepowerExtensibleOperatingSystem (FXOS) is a set of operating systems running on a firewall. NX-OSSystemSoftware is a set of operating systems running on switches. Cisco FXOS and NX-OS System Software are prone to a local command-injection vulnerability because it fails to properly sanitize user-supplied input

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879. Vendors have confirmed this vulnerability Bug ID CSCve99902 and CSCvf14879 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. Nexus2000 SeriesFabricExtenders is a Nexus2000 Series Array Extender. NX-OSSystemSoftware is a set of operating systems used in it. The CLI is one of the command line programs

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655. Vendors have confirmed this vulnerability Bug ID CSCvf16494 and CSCvf23655 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco MultilayerDirectorSwitches, etc. are products of Cisco. Cisco MultilayerDirectorSwitches is a switch product. UnifiedComputingSystemManager is a set of embedded device management software. Cisco NX-OS System Software is a set of software that runs on the switch. This may aid in further attacks