VARIoT IoT vulnerabilities database


VAR-201710-0635 CVE-2017-12256 Cisco Wide Area Application Services Appliance data processing vulnerability
CVSS V2: 7.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472. The vendor has confirmed this vulnerability and released it as Bug ID CSCve82472. A service interruption (DoS) may result. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This software is mainly used on links with low bandwidth and high latency.
VAR-201710-0636 CVE-2017-12257 Cisco WebEx Meetings Server vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608. The vendor has confirmed this vulnerability and released it as Bug ID CSCve96608. Information may be obtained and altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx Meetings Server (CWMS) is a multi-function conferencing solution, covering audio, video and web conferencing, within Cisco's WebEx conferencing solutions.
VAR-201710-0637 CVE-2017-12258 Cisco Unified Communications Manager vulnerable to cross-site scripting
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993. The vendor has confirmed this vulnerability and released it as Bug ID CSCve60993. Information may be obtained and altered. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201710-0642 CVE-2017-12264 Cisco Meeting Server input validation vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149. Cisco Meeting Server contains an input validation vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCve89149. A service interruption (DoS) may result. Web Admin Interface is one of the web login interfaces.
VAR-201710-0643 CVE-2017-12265 Cisco Adaptive Security Appliance Software cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. The vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software when the WEBVPN feature is enabled. Cisco Bug IDs: CSCve91068. The vendor has confirmed this vulnerability and released it as Bug ID CSCve91068. Information may be obtained and altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201710-0644 CVE-2017-12266 Cisco Meeting App vulnerabilities related to authorization, permissions, and access control
CVSS V2: 4.6
CVSS V3: 4.2
Severity: MEDIUM
A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd77907. Information may be obtained or altered, and service operation may be disrupted (DoS). Failed exploit attempts will result in a denial of service condition.
VAR-201710-0645 CVE-2017-12267 Cisco Wide Area Application Services and Cisco Virtual Wide Area Application Services buffer error vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457. The vendor has confirmed this vulnerability and released it as Bug ID CSCve74457. A service interruption (DoS) may result. This software is mainly used on links with low bandwidth and high latency.
VAR-201710-0646 CVE-2017-12268 Cisco AnyConnect Secure Mobility Client access control vulnerability
CVSS V2: 2.1
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf66539. Information may be tampered with. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Network Access Manager (NAM) is one of the network access managers.
VAR-201710-0648 CVE-2017-12270 Buffer error vulnerability in Cisco IOS XR Software for Cisco Network Convergence System 5500 Series routers
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb99388. A service interruption (DoS) may result. IOS XR Software is a modular, distributed network operating system. Note: Successful exploitation of the issue is possible only if gRPC is enabled on the device.
VAR-201710-1114 CVE-2017-12819 Vulnerabilities related to security functions in Sentinel LDK RTE firmware of multiple Gemalto products
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. Both Gemalto HASP SRM and Sentinel HASP are dongle drivers from Gemalto. Sentinel LDK is a license management tool. Attackers can exploit this vulnerability to carry out NTLM relay attacks.
VAR-201710-0641 CVE-2017-12263 Path traversal vulnerability in Cisco License Manager software
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd83577. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportCSV servlet, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to read any files accessible to the SYSTEM user. This software is used to activate Cisco equipment and software, and obtain equipment licenses or product keys online.
VAR-201710-1113 CVE-2017-12818 Buffer error vulnerability in Sentinel LDK RTE firmware of multiple Gemalto products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. Gemalto Sentinel License Manager is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities. 2. Multiple heap-based buffer-overflow vulnerabilities. 3. A security bypass vulnerability. 4. A denial-of-service vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. Gemalto Sentinel LDK RTE is a license management tool of American Gemalto (Gemalto). The custom XML-parser is one of the XML parsers. A remote attacker could exploit this vulnerability to cause a denial of service.
VAR-201710-0925 CVE-2017-12638 Ipswitch IMail Server buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Stack-based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. Ipswitch IMail Server contains a buffer error vulnerability. This vulnerability is also known as "ETBL" or "ETCETERABLUE". Information may be obtained or altered, and service operation may be disrupted (DoS). Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. A remote attacker could exploit this vulnerability to execute arbitrary code.
VAR-201710-0926 CVE-2017-12639 Ipswitch IMail Server buffer error vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Stack-based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. Ipswitch IMail Server contains a buffer error vulnerability. This vulnerability is also known as "ETRE" or "ETCTERARED". Information may be obtained or altered, and service operation may be disrupted (DoS). Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. A remote attacker could exploit this vulnerability to execute arbitrary code.
VAR-201710-0169 CVE-2015-3321 Lenovo Fingerprint Manager vulnerabilities related to authorization, permissions, and access control
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. Lenovo Fingerprint Manager contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Fingerprint Manager is a set of fingerprint identification sensor drivers developed by Lenovo in China for the Thinkpad series. There is a privilege escalation vulnerability in Lenovo Fingerprint Manager versions earlier than 8.01.42. The vulnerability is caused by incorrect access control lists (ACLs) in Services and files. A local attacker can exploit this vulnerability by running an executable file with administrator privileges to disable local detection and elevate privileges.
VAR-201710-1444 No CVE An unauthorized operation vulnerability exists in the image setting interface of Haikang webcam
CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Hikvision DS-2CD2710F-I and DS-5C-I Series are webcam products developed by China Hikvision. There is an unauthorized operation vulnerability in the image setting interface of the Hikvision webcam: the validity of parameters is not verified when they are received and processed. An attacker could use this vulnerability to perform unauthorized operations.
VAR-201710-1440 No CVE Hikvision has design logic flaws
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Hikvision DS-2CD2710F-I and DS-5C-I Series are webcam products developed by China Hikvision. Hikvision has flaws in its design logic: incorrect parameters are not properly verified when standard parameters are received and processed. An attacker could use the vulnerability to cause the device to restart.
VAR-201710-0983 CVE-2017-14970 Open vSwitch vulnerable to resource exhaustion
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.". Open vSwitch (OvS) contains a resource exhaustion vulnerability. The vendor is contesting this vulnerability. For details, see the Current Description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2017-14970. A service interruption (DoS) may result. Open vSwitch (OvS) is a multi-layer virtual switch product based on open source technology (subject to Apache 2.0 license). It supports large-scale network automation, standard management interfaces and protocols through programming extensions. A security vulnerability exists in the lib/ofp-util.c file in versions prior to OvS 2.8.1. A remote attacker could exploit the vulnerability to cause a denial of service.
VAR-201711-0989 CVE-2017-8151 Authentication vulnerability in Huawei Honor 5S smartphone software
CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
Huawei Honor 5S smart phones with software versions before TAG-TL00C01B173 have an authentication bypass vulnerability due to the improper design of some components. An attacker can get a user's smart phone and install malicious apps in the mobile phone, allowing the attacker to reset the password and fingerprint of the phone without authentication. Huawei Honor 5S smartphone software contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Honor 5S is a smartphone from China's Huawei company. Huawei Honor 5S has an authentication bypass vulnerability.
VAR-201711-0939 CVE-2017-8177 Digital signature verification vulnerability in Huawei HiWallet application
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Huawei APP HiWallet versions earlier than 5.0.3.100 do not support signature verification for APK files. An attacker could exploit this vulnerability to hijack the APK and upload a modified APK file. A successful exploit could lead to the app being hijacked. The Huawei HiWallet application contains a vulnerability in the verification of digital signatures. Information may be tampered with. Some Huawei apps have a missing signature verification vulnerability. Huawei HiWallet is a money management (Huawei Wallet) app for mobile phones from the Chinese company Huawei. There is a security vulnerability in Huawei HiWallet versions earlier than 5.0.3.100.