VARIoT IoT vulnerabilities database


VAR-201711-0312 CVE-2017-12311 Cisco Meeting Server Resource management vulnerability CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. The vendor has published this vulnerability as Bug ID CSCvg12559. Service operation may be interrupted (DoS).
VAR-201711-0532 CVE-2017-16836 Arris TG1682G Device Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. Arris TG1682G is a modem and router all-in-one device from Arris Group of the United States. Comcast TG1682_2.0s7_PRODse is firmware developed by Comcast Corporation of the United States. A cross-site scripting vulnerability exists in Arris TG1682G devices using Comcast TG1682_2.0s7_PRODse version 10.0.59.SIP.PC20.CT. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML via the actionHandler/ajax_managed_services.php service parameter.
VAR-201711-0485 CVE-2017-1570 IBM Jazz Foundation Vulnerable to information disclosure CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. The vendor has published this vulnerability as IBM X-Force ID: 131852. Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. IBM Jazz Team Server affects the following IBM Rational products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), Rational Software Architect (RSA DM).
VAR-201711-1017 CVE-2017-8202 Huawei Buffer error vulnerability in smartphone software CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205, versions earlier than Prague-AL00BC00B205, versions earlier than Prague-AL00CC00B205, versions earlier than Prague-TL00AC01B205, versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. If an attacker tricks a user into installing a malicious app, the app can send a specific parameter to the CameraISP driver of the smart phone, causing a system reboot. Huawei smartphone software contains a buffer error vulnerability. Service operation may be interrupted (DoS). Huawei Glory 8 is a smartphone from China's Huawei company. Huawei Smart Phones are prone to a buffer-overflow vulnerability. Attackers can exploit this issue to reboot the system, denying service to legitimate users.
VAR-201711-0315 CVE-2017-12314 Cisco FindIT Network Discovery Utility Vulnerabilities in uncontrolled search path elements CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955. Cisco FindIT Network Discovery Utility contains a vulnerability related to uncontrolled search path elements. The vendor has published this vulnerability as Bug ID CSCvf37955. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco FindIT Network Discovery Utility is a network device manager from Cisco. This product provides management capabilities for Cisco network devices. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition.
VAR-201711-0316 CVE-2017-12315 Cisco HyperFlex System system logging information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 6.0
Severity: MEDIUM
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. Cisco HyperFlex System contains an information disclosure vulnerability. The vendor has published this vulnerability as Bug ID CSCvg31472. Information may be obtained. Cisco HyperFlex System is a data platform device from Cisco. System logging is one of the system loggers.
VAR-201711-1012 CVE-2017-8197 Huawei FusionSphere Command Injection Vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. FusionSphere contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere is a product of Huawei and is a cloud operating system product based on the OpenStack framework. There is a command injection vulnerability in Huawei FusionSphere because the program fails to fully verify the device input. The system provides virtualization functions, resource pool management and cloud basic service tools, etc.
VAR-201711-0367 CVE-2017-12306 Cisco Spark Board Vulnerabilities in environment settings CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. Cisco Spark Board contains a vulnerability related to configuration settings. The vendor has published this vulnerability as Bug ID CSCvf84502. Information may be tampered with. Cisco Spark Board is a tablet device dedicated to video conferencing by Cisco. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions.
VAR-201711-0237 CVE-2017-2721 Huawei Vulnerabilities related to authorization, authority, and access control in smartphone software CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Some Huawei smart phones with software Berlin-L21C10B130, Berlin-L21C185B133, Berlin-L21HNC10B131, Berlin-L21HNC185B140, Berlin-L21HNC432B151, Berlin-L22C636B160, Berlin-L22HNC636B130, Berlin-L22HNC675B150CUSTC675D001, Berlin-L23C605B131, Berlin-L24HNC567B110, FRD-L02C432B120, FRD-L02C635B130, FRD-L02C675B170CUSTC675D001, FRD-L04C567B162, FRD-L04C605B131, FRD-L09C10B130, FRD-L09C185B130, FRD-L09C432B131, FRD-L09C636B130, FRD-L14C567B162, FRD-L19C10B130, FRD-L19C432B131, FRD-L19C636B130 have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the Factory Reset Protection (FRP) function, an attacker can log in to the configuration flow through the Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. Huawei smartphone software contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Huawei Berlin-L21, L21HN, L22, L22HN, L23, L24HN, and FRD-L02, L04, L09, L14, and L19 are all Huawei smartphones. Huawei Berlin-L21 and others are all smartphone products of China's Huawei. Several Huawei products have security vulnerabilities. The following products and versions are affected: Huawei Berlin-L21 Berlin-L21C10B130 version, Berlin-L21C185B133 version, Berlin-L21HN Berlin-L21HNC10B131 version, Berlin-L21HNC185B140 version, Berlin-L21HNC432B151 version; Berlin-L22HNC636B130 version, Berlin-L22HNC675B150CUSTC675D001 version; Berlin-L23 Berlin-L23C605B131 version; Berlin-L24HN Berlin-L24HNC567B110 version; FRD-L02 FRD-L02C432B120 version, FRD-L02C635B130 version, FRD-L02C675B170CUSTC675D001 version; FRD-L04 FRD-L04C567B162 version, FRD-L04C605B131 version; FRD-L09 FRD-L09C10B130 version, FRD-L09C185B130 version, FRD-L09C432B131 version, FRD-L09C636B130 version; FRD-L14 FRD-L14C567B162 version; , FRD-L19C636B130 version
VAR-201711-0361 CVE-2017-12299 Cisco ASA Next-Generation Firewall Services Input validation vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962. Cisco ASA Next-Generation Firewall Services contains an input validation vulnerability. The vendor has published this vulnerability as Bug ID CSCvd97962. Information may be tampered with. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
VAR-201711-0362 CVE-2017-12300 Cisco Firepower System Software input validation vulnerability CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398. Cisco Firepower System Software contains an input validation vulnerability. The vendor has published this vulnerability as Bug ID CSCve58398. Information may be tampered with. SNORT detection engine is one of the intrusion detection engines. The vulnerability stems from the fact that the program does not correctly detect SMB2 files.
VAR-201711-0363 CVE-2017-12302 Cisco Unified Communications Manager SQL database SQL injection vulnerability CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682. The vendor has published this vulnerability as Bug ID CSCvf36682. Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. SQL database interface is one of the database management interfaces.
VAR-201711-0364 CVE-2017-12303 Cisco Web Security Appliance AsyncOS Vulnerabilities related to security checks in software CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. Cisco Web Security Appliance AsyncOS software contains a security check vulnerability. The vendor has published this vulnerability as Bug ID CSCvf52943. Information may be tampered with. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. Cisco AsyncOS Software is an operating system that runs on it.
VAR-201711-0365 CVE-2017-12304 Cisco IOS and IOS XE Software cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. The vendor has published this vulnerability as Bug ID CSCvf60862. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IOS daemon (IOSd) is one of the IOS daemon processes.
VAR-201711-0366 CVE-2017-12305 Cisco IP Phone 8800 Series debug interface command injection vulnerability CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. The vendor has published this vulnerability as Bug ID CSCvf80034. Information may be obtained or altered, and service operation may be disrupted (DoS). The debug interface is one of the debugging interfaces.
VAR-201711-0311 CVE-2017-12309 Cisco Email Security Appliance HTTP response splitting vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705. The vendor has published this vulnerability as Bug ID CSCvf16705. Information may be tampered with. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. The appliance offers spam protection, email encryption, data loss prevention, and more.
VAR-201711-0314 CVE-2017-12313 Cisco Network Academy Packet Tracer Software input validation vulnerability CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Network Academy Packet Tracer software contains input validation vulnerabilities and untrusted search path vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Network Academy Packet Tracer is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with administrative privileges. The software is capable of simulating file commands, visualization and configuration of network devices, and simulating data transfer interactions, etc.
VAR-201711-0317 CVE-2017-12316 Cisco Identity Services Engine Vulnerabilities related to security functions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. Cisco Identity Services Engine (ISE) contains vulnerabilities related to security functions and vulnerabilities related to authentication. The vendor has published this vulnerability as Bug ID CSCve98518. Information may be obtained. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the system. Successfully exploiting this issue may lead to further attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
VAR-201711-0318 CVE-2017-12318 Cisco RF Gateway 1 Vulnerabilities related to resource management in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887. The Cisco RF Gateway 1 device contains a resource management vulnerability. The vendor has published this vulnerability as Bug ID CSCvf19887. Service operation may be interrupted (DoS). TCP state machine is one of the TCP state machines. A denial of service vulnerability exists in the TCP state machine in the Cisco RF Gateway 1 device. An attacker can exploit this issue to cause a denial-of-service condition.
VAR-201711-0319 CVE-2017-12320 Cisco Registered Envelope Service Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. The vendor has published this vulnerability as Bug IDs CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, and CSCvf49999. Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support.