VARIoT IoT vulnerabilities database

VAR-201709-0675 | CVE-2017-12212 | Cisco Unity Connection Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345. The vendor has released this vulnerability as Bug ID CSCvf25345. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform can use voice commands to make calls or listen to messages "hands-free".
VAR-201709-0676 | CVE-2017-12213 | Cisco IOS XE Authentication vulnerability |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. Cisco IOS XE contains an authentication vulnerability. The vendor has released this vulnerability as Bug ID CSCvc72751. Information may be tampered with. Cisco Catalyst 4000 Series Switches are prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may lead to further attacks. IOS XE Software is one of the operating systems developed for network equipment.
VAR-201709-0679 | CVE-2017-12216 | Cisco SocialMiner XML external entity vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. The vendor has released this vulnerability as Bug ID CSCvf47946. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result.
Attackers can exploit this issue to execute arbitrary code, gain access to sensitive information or cause denial-of-service conditions. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities.
VAR-201709-0680 | CVE-2017-12217 | Cisco ASR 5500 System Architecture Evolution Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. Cisco ASR 5500 System Architecture Evolution (SAE) Gateway contains an input validation vulnerability. The vendor has released this vulnerability as Bug ID CSCve07119. A denial-of-service (DoS) condition may result. A denial-of-service vulnerability exists in the GPRS Tunneling Protocol ingress packet handler in Cisco ASR 5500 SAE Gateways.
VAR-201709-0681 | CVE-2017-12218 | Cisco Email Security Appliance for AsyncOS Software input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. The vendor has released this vulnerability as Bug ID CSCuz81533. Information may be tampered with. AsyncOS Software is the operating system used in it. Advanced Malware Protection (AMP) is one of the advanced malware protection components.
An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks.
VAR-201709-0683 | CVE-2017-12220 | Cisco Firepower Management Center Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. The vendor has released this vulnerability as Bug ID CSCvc50771. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
VAR-201709-0686 | CVE-2017-12223 | Cisco IR800 Integrated Services Router Software input validation vulnerability |
CVSS V2: 6.9 CVSS V3: 6.4 Severity: MEDIUM |
A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. Cisco IR800 Integrated Services Router Software contains an input validation vulnerability. The vendor has released this vulnerability as Bug ID CSCvb44027. Information may be obtained, information may be altered, and a denial-of-service (DoS) condition may result. Failed attempts may lead to denial-of-service conditions. ROM Monitor is one of the resource monitors.
VAR-201709-0687 | CVE-2017-12224 | Cisco Meeting Server Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. Cisco Meeting Server contains an information disclosure vulnerability. The vendor has released this vulnerability as Bug ID CSCve20873. Information may be obtained.
An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
VAR-201709-0688 | CVE-2017-12225 | Cisco Prime LAN Management Solution Session fixation vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392. The vendor has released this vulnerability as Bug ID CSCvf58392. Information may be tampered with. The solution configures, manages, monitors and maintains the network.
VAR-201709-0690 | CVE-2017-12227 | Cisco Emergency Responder SQL injection vulnerability |
CVSS V2: 5.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. The vendor has released this vulnerability as Bug ID CSCvb58973. Information may be obtained and information may be altered. The software provides features such as real-time location tracking database and caller's location.
VAR-201709-1071 | CVE-2017-6627 | Cisco IOS and IOS XE improper shutdown and release of resources vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. Cisco IOS and IOS XE contain a vulnerability related to improper shutdown and release of resources. The vendor has published this vulnerability as Bug IDs CSCup10024, CSCva55744, and CSCva95506. A denial-of-service (DoS) condition may result. Both Cisco IOS and IOS XE are operating systems developed by Cisco for its network devices. UDP processing is one of the UDP (User Datagram Protocol) protocol handlers.
Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
VAR-201709-1072 | CVE-2017-6631 | Multiple Cisco Yes STB devices resource management vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. The vendor has released this vulnerability as Bug ID CSCvd08812. A denial-of-service (DoS) condition may result. Cisco YesMaxTotal, YesMax HD, and YesQuattro STB are all video signal converter devices from Cisco. The HTTP remote procedure call (RPC) service is one of the remote procedure call services. A denial of service vulnerability exists in the HTTP RPC service for Cisco YesMaxTotal, YesMax HD, and YesQuattro STB devices. Multiple Cisco Products are prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition.
VAR-201709-1081 | CVE-2017-6780 | Cisco IoT Field Network Director Resource management vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. The vendor has released this vulnerability as Bug ID CSCvc77164. A denial-of-service (DoS) condition may result. The system has functions such as equipment management, asset tracking and intelligent metering.
Prior to Cisco IoT-FND 4.0, the TCP throttling process had a denial of service vulnerability, which stems from the program's insufficient rate-limiting protection.
Successful exploitation of the issue will cause excessive memory consumption and restart the affected application, resulting in a denial-of-service condition.
VAR-201709-1082 | CVE-2017-6789 | Cisco Unified Intelligence Center Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. The vendor has released this vulnerability as Bug ID CSCvf18325. Information may be obtained and information may be altered.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform provides functions such as report-related business data and comprehensive display of call center data.
VAR-201709-1084 | CVE-2017-6792 | Cisco Prime Collaboration Provisioning Tool Input validation vulnerability |
CVSS V2: 8.5 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. The vendor has released this vulnerability as Bug ID CSCvd61766. Information may be tampered with.
Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments.
VAR-201709-1085 | CVE-2017-6793 | Cisco Prime Collaboration Provisioning Tool Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. The vendor has released this vulnerability as Bug ID CSCvd61932. Information may be obtained.
Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments.
VAR-201709-0319 | CVE-2017-14147 | FiberHome User End Routers Bearing Model Number AN1020-25 Vulnerabilities related to security functions |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing the attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password. FiberHome User End Routers Bearing AN1020-25 is a router from China FiberHome. A security vulnerability exists in FiberHome User End Routers Bearing AN1020-25 that caused the program to fail to perform authentication correctly. An attacker could use this vulnerability to restore the router to factory settings and log in to the router.
VAR-201709-1238 | No CVE | Multiple Huawei Products OSPF MaxAge LSA Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The AC6005 is a wireless access controller AC (Access Controller) from Huawei Technologies Co., Ltd. The AR1200 and AR3200 are router products. The AR207 is the basic model of Huawei AR200 series enterprise routers. A denial of service vulnerability exists in MaxAge LSA in the OSPF protocol of various Huawei products. When the device receives a specific LSA packet, the LS (Link Status) aging time is set to MaxAge, which is 3600 seconds. An attacker can exploit this vulnerability to poison the routing table and initiate a denial of service attack.
VAR-201709-1250 | No CVE | Principal Century NSAE Application Security Gateway Has Arbitrary File Download Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NSAE Application Security Gateway is a hardware device independently developed by Principal Century to provide security proxy services for application systems.
There is an arbitrary file download vulnerability in the Principal Century NSAE Application Security Gateway. An attacker could use this vulnerability to obtain sensitive information.
VAR-201709-1254 | CVE-2017-7057 | Dell laptop Waves MaxxAudio Command Execution Vulnerability |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Dell laptop is a portable computer from Dell Corporation of the United States. Waves Audio Waves MaxxAudio is one of the audio enhancements developed by Israel's Waves Audio. There is a security hole in Waves MaxxAudio in Dell laptop. A local attacker can exploit this vulnerability to execute arbitrary code.