VARIoT IoT vulnerabilities database

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf37392. Vendors have confirmed this vulnerability Bug ID CSCvf37392 It is released as.Information may be obtained and information may be altered. The device provides SaaS-based access control, real-time network reporting and tracking, and security policy development. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

A vulnerability in the administrative shell of Cisco AsyncOS on Cisco Email Security Appliance (ESA) and Content Security Management Appliance (SMA) could allow an authenticated, local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a privilege level of a guest user. The vulnerability is due to an incorrect networking configuration at the administrative shell CLI. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a set of crafted, malicious commands at the administrative shell. An exploit could allow the attacker to gain root access on the device. Cisco Bug IDs: CSCvb34303, CSCvb35726. Vendors have confirmed this vulnerability Bug ID CSCvb34303 and CSCvb35726 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco AsyncOS is an operating system used in these products

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. Cisco Prime Infrastructure Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvg36875 It is released as.Information may be obtained and information may be altered. An attacker can exploit this issue to gain elevated privileges on an affected device

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646. Vendors have confirmed this vulnerability Bug ID CSCve37646 It is released as.Information may be obtained and information may be altered. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076. Cisco WAP150 and WAP361 Wireless-AC/N Dual wireless access points are vulnerable to cross-site scripting. Vendors have confirmed this vulnerability Bug ID CSCve57076 It is released as.Information may be obtained and information may be altered. The vulnerability stems from the failure of the program to adequately validate user-submitted data. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable GUI command. An exploit could allow the attacker to execute commands on the underlying BusyBox operating system. These commands are run at the privilege level of the authenticated user. The attacker needs valid device credentials for this attack. Cisco Bug IDs: CSCvg74691. Vendors have confirmed this vulnerability Bug ID CSCvg74691 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WebmanagementGUI is one of the web management interfaces

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341. Vendors have confirmed this vulnerability Bug ID CSCvg19341 It is released as.Information may be obtained and information may be altered. ProfileEditor is one of the Profile document editors. Attackers can exploit this issue to obtain potentially sensitive information or perform unauthorized actions. This may lead to further attacks

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660. Cisco NX-OS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuv98660 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. NX-OS Software is a data center operating system that runs on it

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269. Vendors have confirmed this vulnerability Bug ID CSCvf20269 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221. Vendors have confirmed this vulnerability Bug ID CSCvg00221 It is released as.Information may be obtained. This may result in further attacks. ConfD server is one of the configuration management servers

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313. Vendors have confirmed this vulnerability Bug ID CSCvg30313 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. Vendors have confirmed this vulnerability Bug ID CSCvg36996 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. An information disclosure vulnerability exists in CWMS

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664. Vendors have confirmed this vulnerability Bug ID CSCvg42664 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. Cisco WebEx Meetings Server Contains vulnerabilities related to security features. Vendors have confirmed this vulnerability Bug ID CSCvg46741 It is released as.Information may be obtained and information may be altered. This may aid in further attacks. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by utilizing available resources to study the customer network. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCvg46806. Vendors have confirmed this vulnerability Bug ID CSCvg46806 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

D-LinkDIR615/645/815 is a wireless router product from D-Link. A remote command execution vulnerability exists in D-Link DIR615/645/815 Router 1.03 and previous firmware versions. The vulnerability is caused by the splicing of the data in the HTTP POST request in service.cgi, causing the background commands to be spliced, resulting in arbitrary commands.

A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system. Brocade Fabric OS (FOS) Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. BrocadeFibreChannelSANproducts are Brocade switches and BrocadeFabricOS (FOS) is an embedded system running on them. Security vulnerabilities exist in BrocadeFibreChannelSAN products prior to BrocadeFOS7.4.2b, pre-8.1.2, and pre-8.0.6 IPv6 stacks. Broadcom Fabric OS is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause a denial-of-service condition due to excessive CPU consumption. Versions prior to Broadcom Fabric OS 7.4.2b, 8.1.2 and 8.2.0 are vulnerable

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring. ASUS The router contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSrouters is a wireless router product from ASUS. A buffer overflow vulnerability exists in the \342\200\230ej_update_variables\342\200\231 function of the router/httpd/web.c file in the ASUS router. An attacker could exploit the vulnerability to execute code by sending a request to update settings

A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. Cisco UCS Central The software is vulnerable to resource exhaustion. Vendors have confirmed this vulnerability Bug ID CSCuv34544 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause the affected device to consume excessive CPU resources, denying service to legitimate users

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. Cisco StarOS The operating system includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCvf93332 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Seriesrouters is a 5000 series secure router device from Cisco. The Cisco StarOS operating system is a set of virtualized operating systems running on it