VARIoT IoT vulnerabilities database

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). tcpdump Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TcpDump can completely intercept the data packets transmitted in the network for analysis. It supports filtering for the network layer, protocol, host, network or port, and provides logical statements such as and, or, not to help you remove useless information

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. Vendors have confirmed this vulnerability Bug ID CSCsm45390 and CSCuw77959 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Cisco IOS and IOSXE are operating systems developed by Cisco for its network devices. Failed attempts will likely result in denial-of-service conditions. DHCP relay is one of the components used to implement the function of processing and forwarding DHCP information between different subnets and physical network segments

A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036. Vendors have confirmed this vulnerability Bug ID CSCuz46036 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may lead to further attacks

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Huawei MAX PRESENCE , TP3106 ,and TP3206 Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Huawei MAX PRESENCE, TP3106 and TP3206 are all panoramic video conferencing solutions of China's Huawei (Huawei). H323 protocol is one of the video and audio communication protocols. The vulnerability is caused by the fact that the program does not fully verify data packets. An attacker who successfully logs in could exploit the vulnerability by sending a specially crafted packet to cause a process restart (out-of-bounds read)

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot. Huawei MAX PRESENCE , TP3106 ,and TP3206 Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Huawei MAX PRESENCE, TP3106 and TP3206 are all panoramic video conferencing solutions of China's Huawei (Huawei). H323 protocol is one of the video and audio communication protocols. The vulnerability is caused by the fact that the program does not fully verify data packets. An attacker who successfully logs in could exploit the vulnerability by sending a specially crafted packet to cause a process restart (out-of-bounds read)

MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. Huawei MAX PRESENCE , TP3106 ,and TP3206 Contains vulnerabilities related to insufficient validation of data reliability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Huawei products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Huawei MAX PRESENCE, TP3106 and TP3206 are all panoramic video conferencing solutions of China's Huawei (Huawei). H323 protocol is one of the video and audio communication protocols

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069. Vendors report this vulnerability Bug IDs: CSCvd45069 Published as.Denial of service (DoS) May be in a state. The Cisco Catalyst 3650 and 3850 switches are Cisco switches. IOSXESoftware is one of the operating systems for network devices. Wirelesscontrollermanager is one of the wireless controller management programs. A denial of service vulnerability exists in the wirelesscontrollermanager in IOSXESoftware on the Cisco Catalyst 3650 and 3850 switches, which stems from a program failing to validate the input

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746. Cisco IOS XE Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvd73746 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Catalyst 4500E SupervisorEngine8-E (Wireless) Switches is a switch device. IOSXESoftware is a set of operating systems used in it. The WirelessControllerGUI is the graphical user interface of one of the wireless controllers. There are privilege escalation vulnerabilities in IOSXESoftware's Web-based WirelessControllerGUI in several Cisco products. IOS XE Software is an operating system used in it. 2E version, 3.7.3E version, 3.7.4E version, 3.7.5E version

A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. Cisco IOS and IOS XE Contains an input validation vulnerability and an information disclosure vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc33171 It is released as.Information may be obtained. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. The title have been changed to better reflect the vulnerability information. Network Plug and Play application is one of the network hot plug applications

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062. Vendors have confirmed this vulnerability Bug ID CSCuy83062 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217. Cisco IOS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc57217 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco in the United States for its network equipment

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809. Cisco IOS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc03809 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoIntegratedServicesRoutersGeneration2(ISRG2)Routers is a router device from Cisco. IOS is one of the operating systems for network devices. A denial of service vulnerability exists in the protocol implementation of IOS15.0 to 15.6 in CiscoIntegratedServicesRoutersGeneration2(ISRG2)Routers, which stems from the failure of the program to properly classify Ethernet frames

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. Cisco IOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuz95334 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco Systems for its network devices

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. Cisco IOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc43709 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco Systems for its network devices

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179. Cisco IOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuz47179 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco Systems for its network devices

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008. Vendors have confirmed this vulnerability Bug ID CSCvc18008 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXE is an operating system developed by Cisco Systems for its network devices. This may lead to further attacks

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. Vendors have confirmed this vulnerability Bug ID CSCvc41277 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Internet Key Exchange Version 2 (IKEv2) module is one of the key exchange protocol modules

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a LAD file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of an SFC file. The process does not properly validate user-supplied data which, can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a SegCmt record in an EPC file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.