VARIoT IoT vulnerabilities database


VAR-201709-1195 CVE-2017-8771 Vulnerability related to the use of hard-coded credentials on BE126 WIFI Repeater devices
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username: "root", password: "root"). The attacker can make a user who is connected to the repeater click on a malicious link that logs into telnet and infects the device with malicious code. The BE126 WIFI Repeater contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The Gongjin Electronics BE126 WIFI repeater is a wireless Internet repeater from China's Gongjin Electronics. There is a security hole in version 1.0 of the Gongjin Electronics BE126 WIFI repeater.
VAR-201802-0189 CVE-2017-5812 SQL injection vulnerability in HPE Network Automation
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A remote SQL information disclosure vulnerability was found in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PermissionFilter class. This class contains a method that allows access to an associated servlet, letting an attacker bypass authentication if the URI starts with a specific string. By providing that string, followed by a directory traversal, an attacker is able to reach any URI that would map to that servlet without authentication. HP Network Automation is prone to the following vulnerabilities: 1. An SQL-injection vulnerability. 2. A remote code-execution vulnerability. 3. An information-disclosure vulnerability. 4. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to obtain sensitive information, gain elevated privileges or execute arbitrary code, perform certain unauthorized actions, or exploit latent vulnerabilities in the underlying database. HP Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x are vulnerable.

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbgn03740en_us
Version: 1

HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-05-04
Last Updated: 2017-05-04

Potential Security Impact: Local: Authentication Bypass; Remote: Code Execution, Elevated Privileges, SQL Injection

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.

References:
- CVE-2017-5810 - SQL injection
- CVE-2017-5811 - remote code execution
- CVE-2017-5812 - remote information disclosure
- CVE-2017-5813 - remote unauthenticated access
- CVE-2017-5814 - remote authentication bypass, elevated privilege execution

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HP Network Automation Software 9.1x, 9.2x, 10.0x, 10.1x and 10.2x

BACKGROUND

CVSS Base Metrics
=================
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5810   7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N   7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVE-2017-5811   7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N   7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVE-2017-5812   5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N   5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-2017-5813   4.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L   6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVE-2017-5814   8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H   9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

Hewlett Packard Enterprise thanks the following for reporting security issues to security-alert@hpe.com:
* CVE-2017-5810 rgod working with Trend Micro's Zero Day Initiative
* CVE-2017-5811 rgod working with Trend Micro's Zero Day Initiative
* CVE-2017-5812 rgod working with Trend Micro's Zero Day Initiative
* CVE-2017-5814 Christophe Schleypen of NATO NCIRC

RESOLUTION
HPE has made the following software updates and mitigation information available to resolve the vulnerabilities in HPE Network Automation:

Customers on version 9.1x or 9.2x need to upgrade to a patched version of 10.0x, or 10.1x or 10.2x noted below

For 10.0x, first patch to 10.00.021, and then apply the patch 10.00.022:
* <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00042>
* Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions
* In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM02615679>
  - Enable Secure Communication with Satellites
  - Enable SSL Communications over RMI

For 10.10, customers should first upgrade to 10.11: <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00030> and then apply the 10.11 patch below.
* For 10.11, apply the patch 10.11.03:
  - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00044>
* Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions.
* In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM01964007>
  - Enable Secure Communication with Satellites
  - Enable SSL Communications over RMI

For NA 10.20, customers should first upgrade to 10.21 <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00040> and then apply the 10.21 patch below:
* For 10.21, apply the patch 10.21.01:
  - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00043>
* Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions
* In addition, follow the procedures described in the following sections in the NA Hardening Guide (available at: <https://softwaresupport.hpe.com/km/KM02501298>
  - Enable Secure Communication with Satellites
  - Enable SSL Communications over RMI

HISTORY
Version:1 (rev.1) - 4 May 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:
Web form: https://www.hpe.com/info/report-security-vulnerability
Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201802-0188 CVE-2017-5811 Information disclosure vulnerability in HPE Network Automation
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A remote code execution vulnerability was found in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileServlet servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of SYSTEM. HP Network Automation is an automated network configuration management tool from Hewlett Packard (HP). The tool automates configuration changes, software updates, compliance audits, and tracking and control across a wide range of multi-vendor network devices. HP Network Automation is prone to the following vulnerabilities: 1. An SQL-injection vulnerability. 2. A remote code-execution vulnerability. 3. An information-disclosure vulnerability. 4. Multiple authentication-bypass vulnerabilities. Source bulletin: HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities (Document ID: hpesbgn03740en_us), https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us
VAR-201802-0190 CVE-2017-5813 HP Network Automation Remote Unauthenticated Access Vulnerability
CVSS V2: 6.8
CVSS V3: 6.3
Severity: MEDIUM
A remote unauthenticated access vulnerability was found in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. HPE Network Automation contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). HP Network Automation is an automated network configuration management tool from Hewlett Packard (HP). The tool automates configuration changes, software updates, compliance audits, and tracking and control across a wide range of multi-vendor network devices. HP Network Automation is prone to the following vulnerabilities: 1. An SQL-injection vulnerability. 2. A remote code-execution vulnerability. 3. An information-disclosure vulnerability. 4. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to obtain sensitive information, gain elevated privileges or execute arbitrary code, perform certain unauthorized actions, or exploit latent vulnerabilities in the underlying database. Source bulletin: HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities (Document ID: hpesbgn03740en_us), https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us
VAR-201711-0232 CVE-2017-2716 Mate 9 Software buffer error vulnerability
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The camerafs driver in Mate 9 versions earlier than MHA-AL00BC00B173 has a buffer overflow vulnerability. An attacker tricks a user into installing a malicious application which has the system privilege of the Android system and sends a specific parameter to the driver of the smart phone, causing a system crash or privilege escalation. The Mate 9 software contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The Huawei Mate 9 is a smartphone from China's Huawei. Huawei Smart Phone is prone to a buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201705-1683 CVE-2016-8202 Privilege escalation vulnerability in Brocade Fabric OS running on Brocade Fibre Channel SAN products
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. HP StoreFabric B-series Switches are prone to a remote privilege-escalation vulnerability. A remote attacker can leverage this issue to gain elevated privileges within the context of affected system. HP StoreFabric B-series Switches FOS versions prior to 7.4.1d and 8.0.1b are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03739en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbst03739en_us Version: 1 HPESBST03739 rev.1 - HPE StoreFabric B-series Switches, Remote Elevation of Privilege NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-05-04 Last Updated: 2017-05-04 Potential Security Impact: Remote: Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability with Brocade Fabric OS (FOS) has been addressed in HPE StoreFabric B-series Switches. The vulnerability could be remotely exploited to allow an authenticated attacker to elevate the privileges of user accounts. - CVE-2016-8202 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
- StoreFabric B-series Switches - All versions prior to FOS v7.4.1d and v8.0.1b BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2016-8202 8.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following software update information available to resolve the vulnerability in HPE StoreFabric B-series Switches running Brocade Fabric OS (FOS). - - FOS v7.4.1d and FOS v8.0.1b or later have hardened the command line interfaces by tightening access permissions and removed commands that potentially can be used to poke and exploit the CLI to gain unauthorized privileges. **NOTE:** The B-series switch streams list all the currently active FOS versions. For the latest productsupport information, see the HPE Single Point of Connectivity Knowledge (SPOCK) website. A valid HPE Passport account is required to access this website: <http://www.hpe.com/storage/spock> HISTORY Version:1 (rev.1) - 4 May 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. 
VAR-201705-3972 CVE-2017-6862 Multiple NETGEAR products authentication bypass vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. WNR2000v3, WNR2000v4, WNR2000v5 and R2000 are all Netgear router products. Multiple NETGEAR routers are prone to a buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The following products and versions are vulnerable: WNR2000v3 devices prior to 1.1.2.14; WNR2000v4 devices prior to 1.0.0.66; WNR2000v5 devices prior to 1.0.0.42; R2000. A security vulnerability exists in NETGEAR WNR2000v3, WNR2000v4, and WNR2000v5 devices.
VAR-201802-0191 CVE-2017-5814 HPE Network Automation In SQL Injection vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. HP Network Automation is prone to following vulnerabilities: 1. An SQL-injection vulnerability. 2. A remote code-execution vulnerability. 3. An information-disclosure vulnerability. 4. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to obtain sensitive information, gain elevated privileges or execute arbitrary code, perform certain unauthorized actions, or exploit latent vulnerabilities in the underlying database. HP Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03740en_us Version: 1 HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-05-04 Last Updated: 2017-05-04 Potential Security Impact: Local: Authentication Bypass; Remote: Code Execution, Elevated Privileges, SQL Injection Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management. References: - CVE-2017-5810 - SQL injection - CVE-2017-5811 - remote code execution - CVE-2017-5812 - remote information disclosure - CVE-2017-5813 - remote unauthenticated access - CVE-2017-5814 - remote authentication bypass, elevated privilege execution SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. 
- HP Network Automation Software 9.1x, 9.2x, 10.0x, 10.1x and 10.2x BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5810 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) CVE-2017-5811 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) CVE-2017-5812 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-5813 4.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) CVE-2017-5814 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 Hewlett Packard Enterprise thanks the following for reporting security issues to security-alert@hpe.com: * CVE-2017-5810 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5811 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5812 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5814 Christophe Schleypen of NATO NCIRC RESOLUTION HPE has made the following software updates and mitigation information available to resolve the vulnerabilities in HPE Network Automation: Customers on version 9.1x or 9.2x need to upgrade to a patched version of 10.0x, or 10.1x or 10.2x noted below For 10.0x, first patch to 10.00.021, and then apply the patch 10.00.022: * <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00042> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions * In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM02615679> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI For 10.10, customers should first upgrade to 10.11: 
<https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00030> and then apply the 10.11 patch below. * For 10.11, apply the patch 10.11.03: - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00044> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions. * In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM01964007> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI For NA 10.20, customers should first upgrade to 10.21 <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00040> and then apply the 10.21 patch below: * For 10.21, apply the patch 10.21.01: - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00043> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions * In addition, follow the procedures described in the following sections in the NA Hardening Guide (available at: <https://softwaresupport.hpe.com/km/KM02501298> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI HISTORY Version:1 (rev.1) - 4 May 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
VAR-201802-0187 CVE-2017-5810 HPE Network Automation In SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RedirectServlet component. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute SQL under the context of SYSTEM. HP Network Automation is an automated network configuration management tool from Hewlett Packard (HP). The tool automates configuration changes, software updates, compliance audits, and tracking and control across a wide range of multi-vendor network devices. An SQL-injection vulnerability. 2. A remote code-execution vulnerability. 3. An information-disclosure vulnerability. 4. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to obtain sensitive information, gain elevated privileges or execute arbitrary code, perform certain unauthorized actions, or exploit latent vulnerabilities in the underlying database. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03740en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbgn03740en_us Version: 1 HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. 
Release Date: 2017-05-04 Last Updated: 2017-05-04 Potential Security Impact: Local: Authentication Bypass; Remote: Code Execution, Elevated Privileges, SQL Injection Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management. References: - CVE-2017-5810 - SQL injection - CVE-2017-5811 - remote code execution - CVE-2017-5812 - remote information disclosure - CVE-2017-5813 - remote unauthenticated access - CVE-2017-5814 - remote authentication bypass, elevated privilege execution SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HP Network Automation Software 9.1x, 9.2x, 10.0x, 10.1x and 10.2x BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5810 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) CVE-2017-5811 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) CVE-2017-5812 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE-2017-5813 4.6 CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) CVE-2017-5814 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 Hewlett Packard Enterprise thanks the following for reporting security issues to security-alert@hpe.com: * CVE-2017-5810 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5811 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5812 rgod working with Trend Micro's Zero Day Initiative * CVE-2017-5814 Christophe 
Schleypen of NATO NCIRC RESOLUTION HPE has made the following software updates and mitigation information available to resolve the vulnerabilities in HPE Network Automation: Customers on version 9.1x or 9.2x need to upgrade to a patched version of 10.0x, or 10.1x or 10.2x noted below For 10.0x, first patch to 10.00.021, and then apply the patch 10.00.022: * <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00042> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions * In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM02615679> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI For 10.10, customers should first upgrade to 10.11: <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00030> and then apply the 10.11 patch below. * For 10.11, apply the patch 10.11.03: - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00044> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions. 
* In addition, follow the procedures described in the following sections in the NA Hardening Guide available at: <https://softwaresupport.hpe.com/km/KM01964007> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI For NA 10.20, customers should first upgrade to 10.21 <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00040> and then apply the 10.21 patch below: * For 10.21, apply the patch 10.21.01: - <https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets arch/document/LID/NA_00043> * Please follow SPECIAL INSTALL INSTRUCTIONS section mentioned under Installation Instructions * In addition, follow the procedures described in the following sections in the NA Hardening Guide (available at: <https://softwaresupport.hpe.com/km/KM02501298> - Enable Secure Communication with Satellites - Enable SSL Communications over RMI HISTORY Version:1 (rev.1) - 4 May 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. 
VAR-201711-0229 CVE-2017-2713 HUAWEI P9 Vulnerability related to input validation in smartphone software CVSS V2: 4.8
CVSS V3: 5.4
Severity: MEDIUM
HUAWEI P9 smartphones with software versions earlier than EVA-L09C432B383, versions earlier than EVA-L09C636B380, versions earlier than VIE-L09C432B370, and versions earlier than VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information. HUAWEI P9 smartphone software contains a vulnerability related to input validation. Information may be obtained and information may be altered. The Huawei P9 is a smartphone from the Chinese company Huawei. The Huawei P9 has an input verification vulnerability. Audio driver is one of the audio drivers. There is a security vulnerability in the Huawei P9, caused by the program not adequately validating the fields in the message.
VAR-201706-0390 CVE-2017-2491 Arbitrary code execution vulnerability in the String.replace method of JavaScriptCore in Safari on Apple iOS CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Use-after-free vulnerability in the String.replace method of JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the String.replace method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will likely cause a denial-of-service condition. Both Apple Safari and iOS are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices. JavaScriptCore is one of those frameworks.
VAR-201706-0534 CVE-2017-4966 Pivotal RabbitMQ Vulnerabilities related to certificate and password management CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack. Pivotal RabbitMQ contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Pivotal RabbitMQ products are prone to a local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Ubuntu Security Notice USN-6265-1, July 31, 2023: rabbitmq-server vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: RabbitMQ could be made to expose sensitive information. Software Description: - rabbitmq-server: AMQP server written in Erlang Details: It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS (Available with Ubuntu Pro): rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6265-1 CVE-2017-4966
VAR-201705-3735 CVE-2017-6620 Cisco CVR100W Wireless-N VPN Router Vulnerabilities related to authorization, authority, and access control in access control lists CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc14457. Information may be obtained. The Cisco CVR100W combines wired/wireless network connection, VPN, firewall and many other functions. This may aid in further attacks. The vulnerability is caused by the program not correctly implementing the ACL.
VAR-201705-3739 CVE-2017-6624 Cisco IOS Software Cisco CallManager Express Vulnerabilities related to authorization, permissions, and access control CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy40939. Information may be tampered with. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This may aid in further attacks.
VAR-201705-3740 CVE-2017-6625 Resource management vulnerability in Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module CVSS V2: 5.5
CVSS V3: 7.1
Severity: HIGH
A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc84361. Information may be tampered with and service operation may be disrupted (DoS). An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users.
VAR-201705-3741 CVE-2017-6626 Information disclosure vulnerability in Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc08314. Information may be obtained. Cisco Finesse is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvc08314. This component provides intelligent contact routing, call processing, web-to-desktop computer telephony integration (CTI) and multi-channel contact management capabilities over an IP infrastructure.
VAR-201705-3294 CVE-2017-3825 Cisco TelePresence Collaboration Endpoint Software input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb95396. Service operation may be disrupted (DoS). An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Cisco TelePresence DX Series and similar products are video terminal equipment from the American company Cisco. Cisco Spark Room OS is an operating system.
VAR-201705-3470 CVE-2017-3873 Vulnerability allowing arbitrary code execution with root privileges on Cisco Aironet access points running a Lightweight Access Point or Mobility Express image CVSS V2: 7.9
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386. The Cisco Aironet 1800, 2800, and 3800 Series Access Points are router access devices from Cisco. Plug-and-Play (PnP) is one of the plug-and-play services subsystems. The PnP subsystem in the Cisco Aironet 1800, 2800, and 3800 Series Access Points version 8.3.102.0 has an arbitrary code execution vulnerability due to the program failing to adequately verify the PnP server response. Failed exploit attempts will likely result in a denial-of-service condition.
VAR-201705-3471 CVE-2017-3876 Resource management vulnerability in the Event Management Service daemon of Cisco IOS XR routers CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb14441. Service operation may be disrupted (DoS). Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition.
VAR-201705-3472 CVE-2017-3882 Buffer error vulnerability in the Universal Plug-and-Play implementation of the Cisco CVR100W Wireless-N VPN Router CVSS V2: 8.3
CVSS V3: 9.6
Severity: CRITICAL
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz72642. Information may be obtained or altered, and service operation may be disrupted (DoS). The Cisco CVR100W combines wired/wireless network connection, VPN, firewall and many other functions.