VARIoT IoT vulnerabilities database

A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. Vendors have confirmed this vulnerability Bug ID CSCvc54813 It is released as.Remote attackers can malicious users Web You may be redirected to the page. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc54813. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The web-based GUI in CUCDM has an open redirection vulnerability, which is caused by the fact that the program does not correctly perform input validation on HTTP request parameters

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. Vendors have confirmed this vulnerability Bug ID CSCvd34632 It is released as.A remote attacker could bypass the filters set on the device. CiscoEmailSecurityAppliance is a set of email security appliances. CiscoContentSecurityManagement is a unified email and web security management solution. An email scanning vulnerability exists in CiscoAsyncOSSoftware on CiscoEmailSecurityAppliance (ESA) devices. This vulnerability stems from incorrect authentication of emails with attachments and modified MIME headers. An unauthenticated remote attacker bypasses the configured filter. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd34632. AsyncOS Software is the operating system used in it

A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvc10894. An attacker could exploit this vulnerability to retrieve user log files

A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). The system is automated through the visualization of industrial Ethernet infrastructure. A remote attacker could exploit this vulnerability to execute arbitrary HTML or script code in the context of an affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvd25405

A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76652

A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. Vendors have confirmed this vulnerability Bug ID CSCvc76662 It is released as.A remote attacker could read important files on your system. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvc76662

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. BarcoClickShareCSM-1BaseUnit and ClickShareCSC-1BaseUnit are both wireless presentation system host devices from Barco, Belgium. Multiple Barco ClickShare Base Units are prone to multiple command-injection vulnerabilities because it fails to properly sanitize user-supplied input. This may aid in further attacks

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. TP-Link WR841N V8 The router contains a vulnerability related to the use of cryptographic algorithms.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TP-LinkWR841N is a SOHO wireless router. An arbitrary code execution vulnerability exists in TP-LINKWR841NV8 and earlier. An attacker can bypass the access restrictions to reset the router's authentication information (password, etc.). After exploiting this vulnerability for higher privileges, an attacker could again exploit the stack overflow vulnerability in a configuration service to execute code. TP-Link WR841N V8 is a wireless router product of China Pulian (TP-LINK) company. executable httpd is one of the executable HTTP server programs. There is a security vulnerability in executable httpd in versions earlier than TP-Link WR841N V8 TL-WR841N(UN)_V8_170210

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). Vendors have confirmed this vulnerability Bug ID CSCvc76620 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to execute arbitrary command on the affected system. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc76620. ConfD CLI is one of these modules

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76651

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager. An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76699

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager. A remote attacker could exploit the vulnerability to log in to an affected device. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc76695

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76631

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). An attacker can exploit this issue to bypass the security mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvc76661. ConfD CLI is one of these modules

A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. Vendors report this vulnerability CSCvd73726 Published as.Arbitrary files could be overwritten or modified by a remotely authenticated attacker. CiscoStarOS is a set of operating systems operated by Cisco Systems Inc. in a series of routers such as 5000. CiscoStarOS has a remote security bypass vulnerability that can be exploited by remote authentication attackers to modify arbitrary files. The vulnerability stems from a failure of the program to fully validate the input. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd73726

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCvd29403. ConfD CLI is one of these modules

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. CiscoUltraServicesFramework is an intelligent online service payment platform from Cisco. ElementManager is one of the software used to manage server switches. A security vulnerability exists in CiscoUltraServicesFrameworkElementManager that originated from the default static password used by user accounts. Cisco Ultra Services Framework is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd85710

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1). Local attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvd76286. ConfD server component is a management framework component

A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. Vendors have confirmed this vulnerability Bug ID CSCvd29355 It is released as.Critical data by local attackers ( Plain text authentication information ) May be viewed. Cisco Ultra Services Platform is prone to local information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd29355

A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvd29398. ConfD server is one of the management framework components