VARIoT IoT vulnerabilities database
| VAR-201708-1336 | CVE-2017-6782 | Cisco Prime Infrastructure Code injection vulnerability |
CVSS V2: 4.9 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). Cisco Prime Infrastructure contains a code injection vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCve47074. Information may be obtained and information may be altered.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
| VAR-201708-1337 | CVE-2017-6783 | Information disclosure vulnerability in multiple Cisco products |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by sending a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). The vendor has confirmed this vulnerability and released it as Bug IDs CSCve26106, CSCve26202, and CSCve26224. Information may be obtained. Multiple Cisco products are prone to an information-disclosure vulnerability. SNMP polling is one of the components of network management polling (the way the CPU decides how to provide services to peripheral devices).
| VAR-201708-1340 | CVE-2017-6786 | Cisco Elastic Services Controller Vulnerable to information disclosure |
CVSS V2: 4.6 CVSS V3: 6.3 Severity: MEDIUM |
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). The vendor has confirmed this vulnerability and released it as Bug ID CSCvc76616. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This may result in further attacks.
| VAR-201708-1320 | CVE-2017-6710 | OS command injection vulnerability in Cisco Virtual Network Function Element Manager |
CVSS V2: 8.5 CVSS V3: 8.1 Severity: HIGH |
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc76670. Information may be tampered with and service operation may be disrupted (DoS). This may aid in further attacks.
Versions prior to Cisco VNF Element Manager 5.0.4 and 5.1.4 are vulnerable.
| VAR-201708-1358 | CVE-2017-6768 | Cisco Application Policy Infrastructure Controller Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). Cisco Application Policy Infrastructure Controller (APIC) contains vulnerabilities related to authorization, permissions, and access control. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc96087. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). There is a privilege escalation vulnerability in the build procedure of the executable system file in Cisco APIC.
| VAR-201708-1327 | CVE-2017-6771 | Cisco Ultra Services Framework Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd29358. Information may be obtained. The AutoVNF automation tool is one of the virtualized network tools.
| VAR-201708-1328 | CVE-2017-6772 | Cisco Elastic Services Controller Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). The vendor has confirmed this vulnerability and released it as Bug ID CSCvd29408. Information may be obtained. This may result in further attacks.
| VAR-201708-1329 | CVE-2017-6773 | Input validation vulnerability in Cisco ASR 5000 Series Aggregation Service Routers |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd47722. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco ASR 5000 Series Aggregated Services Routers is the ASR 5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. The CLI is one of the command line programs.
| VAR-201708-1330 | CVE-2017-6774 | Cisco ASR 5000 Vulnerabilities related to authorization, authority, and access control in Aggregation Service Router |
CVSS V2: 4.0 CVSS V3: 5.0 Severity: MEDIUM |
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd47739. Information may be tampered with. Cisco ASR 5000 Series Aggregated Services Routers is the ASR 5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. This may aid in further attacks.
| VAR-201708-1331 | CVE-2017-6775 | Cisco ASR 5000 Vulnerabilities related to authorization, authority, and access control in Aggregation Service Router |
CVSS V2: 4.6 CVSS V3: 5.7 Severity: MEDIUM |
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd47741. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco ASR 5000 Series Aggregated Services Routers is the ASR 5000 series of integrated services router products from Cisco. StarOS is a set of operating systems running on it. The CLI is one of the command line programs. The StarOS CLI in Cisco ASR 5000 Series Aggregated Services Routers 21.0.v0.65839 has a privilege elevation vulnerability that stems from the program failing to assign the correct permissions to the user.
| VAR-201708-1341 | CVE-2017-6788 | Cisco AnyConnect Secure Mobility Client Software Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). The vendor has confirmed this vulnerability and released it as Bug ID CSCvf12055. Information may be obtained and information may be altered.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
| VAR-201708-1342 | CVE-2017-6790 | Cisco TelePresence Video Communication Server Resource management vulnerability |
CVSS V2: 7.1 CVSS V3: 6.8 Severity: MEDIUM |
A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897. The vendor has confirmed this vulnerability and released it as Bug ID CSCve32897. Service operation may be disrupted (DoS). Session Initiation Protocol (SIP) is one of the session initiation protocols.
| VAR-201708-1101 | CVE-2017-12857 | Polycom UCS Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 8.8 Severity: HIGH |
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. Polycom UCS contains an information disclosure vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Polycom SoundStation IP, VVX and RealPresence Trio are products of Polycom Corporation of the United States. Polycom SoundStation IP is an IP phone; VVX is a video conferencing phone; RealPresence Trio is a smart multimedia device. An information disclosure vulnerability exists in UCS in Polycom SoundStation IP, VVX, and RealPresence Trio.
| VAR-201708-1640 | No CVE | Schneider Electric Pelco VideoXpert directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation.
Schneider Electric Pelco VideoXpert has a directory traversal vulnerability that could allow an attacker to view arbitrary files in the context of a Web server.
| VAR-201708-1589 | No CVE | Schneider Electric Pro-Face WinGP Arbitrary code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Pro-Face GP Pro-Server EX is the preferred HMI development software for both dedicated and open HMI (PC-based) solutions. Schneider Electric Pro-Face WinGP has an arbitrary code execution vulnerability that an attacker can use to force the process to load arbitrary DLLs and execute arbitrary code in the context of the process
| VAR-201708-1645 | No CVE | Schneider Electric Pelco VideoXpert Privilege Escalation Vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
VideoXpert is a video management solution designed for scalability, suitable for any size monitoring operation.
A privilege escalation vulnerability exists in Schneider Electric Pelco VideoXpert, allowing local attackers to elevate privileges to execute arbitrary code.
| VAR-201708-1338 | CVE-2017-6784 | Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. The vendor has confirmed this vulnerability and released it as Bug ID CSCve37988. Information may be obtained. The Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers are all VPN firewall router products from Cisco. The vulnerability stems from the failure of the program to adequately protect sensitive data. This may lead to other attacks. The following firmware versions are affected: Version 1.0.0.30, Version 1.0.0.33, Version 1.0.1.9, Version 1.0.1.16.
| VAR-201708-1357 | CVE-2017-6767 | Cisco Application Policy Infrastructure Controller Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.6 CVSS V3: 7.1 Severity: HIGH |
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). The vendor has confirmed this vulnerability and released it as Bug ID CSCvc34335. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). An elevation of privilege vulnerability exists in Cisco APIC.
| VAR-201708-1104 | CVE-2017-12865 | ConnMan Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. ConnMan contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). connman is prone to a stack-based buffer overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
connman 1.34 and prior are vulnerable. ConnMan is a tool for network management on Tizen systems.
-------------------------------------------------------------------------
Debian Security Advisory DSA-3956-1 security@debian.org
https://www.debian.org/security/ Luciano Bello
August 27, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : connman
CVE ID : CVE-2017-12865
Debian Bug : 872844
Security consultants in NRI Secure Technologies discovered a stack
overflow vulnerability in ConnMan, a network manager for embedded
devices.
For the oldstable distribution (jessie), this problem has been fixed
in version 1.21-1.2+deb8u1.
For the stable distribution (stretch), this problem has been fixed in
version 1.33-3+deb9u1.
For the testing distribution (buster), this problem has been fixed
in version 1.33-3+deb9u1.
For the unstable distribution (sid), this problem has been fixed in
version 1.35-1.
We recommend that you upgrade your connman packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201812-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: ConnMan: Multiple vulnerabilities
Date: December 02, 2018
Bugs: #628566, #630028
ID: 201812-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in ConnMan, the worst of which
could result in the remote execution of code.
Background
==========
ConnMan provides a daemon for managing Internet connections.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  net-misc/connman           < 1.35-r1                   >= 1.35-r1
Description
===========
Multiple vulnerabilities have been discovered in ConnMan. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All ConnMan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/connman-1.35-r1"
References
==========
[ 1 ] CVE-2017-12865
https://nvd.nist.gov/vuln/detail/CVE-2017-12865
[ 2 ] CVE-2017-5716
https://nvd.nist.gov/vuln/detail/CVE-2017-5716
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201812-02
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-201804-0518 | CVE-2017-12701 | BMC Medical Luna CPAP machine Input validation vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition. BMC Medical Luna CPAP machine contains an input validation vulnerability. Service operation may be disrupted (DoS). BMC Medical Luna CPAP Machine is a ventilator from China's BMC Medical. 3B Medical Luna CPAP Machine is a ventilator from 3B Medical in the United States. A denial of service vulnerability exists in BMC Medical Luna CPAP Machine and 3B Medical Luna CPAP Machine. A remote attacker could exploit the vulnerability to cause a denial of service. BMC Medical and 3B Medical Luna CPAP Machine is prone to a denial-of-service vulnerability.
Attackers may leverage this issue to cause a denial-of-service condition, denying service to legitimate users.