VARIoT IoT vulnerabilities database

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2). Vendors have confirmed this vulnerability Bug ID CSCvc74291 It is released as.Information may be obtained. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCvc74291. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker could exploit this vulnerability to execute arbitrary SQL commands by sending HTTP requests with user-submitted data

A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2. Vendors have confirmed this vulnerability Bug ID CSCvb62292 It is released as.Service operation interruption (DoS) An attack may be carried out. An attacker can exploit this issue to restart the affected process, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvb62292. Firepower System Software 6.0.1, 6.1.0, and 6.2.0 are vulnerable

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242). Vendors have confirmed this vulnerability Bug ID CSCvc83712 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCva98592 . This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. Vendors have confirmed this vulnerability Bug ID CSCvc60123 It is released as.Information may be obtained and information may be altered. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc60123. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support. The vulnerability stems from the fact that the program does not correctly perform input validation on the parameters in the HTTP request

A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). Vendors have confirmed this vulnerability Bug ID CSCvb61394 and CSCvb86816 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Unified Computing System Manager is a set of embedded device management software. The Cisco Firepower 9300 Security Appliance is a security device from Cisco. A local attacker can exploit the vulnerability to execute arbitrary commands. This issue being tracked by Cisco Bug ID's CSCvb61394 and CSCvb86816. local-mgmt CLI is one of the command-line programs

A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69). Vendors have confirmed this vulnerability Bug ID CSCvb86725 and CSCvb86797 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Cisco Products are prone to a local privilege-escalation vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands as root. This issue is being tracked by Cisco Bug ID's CSCvb86725 and CSCvb86797. There are privilege escalation vulnerabilities in the debugging plug-in function of several Cisco products

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL. Vendors have confirmed this vulnerability Bug ID CSCvb14433 It is released as.Service operation interruption (DoS) An attack may be carried out. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Attackers can exploit this issue to crash the service, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb14433

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. Vendors have confirmed this vulnerability Bug ID CSCvb61351 and CSCvb61637 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Cisco Products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary shell commands. This issue being tracked by Cisco Bug ID CSCvb61351 and CSCvb61637

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). Vendors have confirmed this vulnerability Bug ID CSCvb61384 and CSCvb86764 It is released as.Information may be obtained and information may be altered. Multiple Cisco products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands. This issue being tracked by Cisco Bug ID's CSCvb61384 and CSCvb86764

A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). Vendors have confirmed this vulnerability Bug ID CSCvb66189 and CSCvb86775 It is released as.Information may be obtained and information may be altered. The Cisco Unified Computing System (UCS) Manager provides unified embedded management of all software and hardware components in Cisco UCS. The Cisco Firepower 4100 Series is the next generation firewall. The Cisco Firepower 9300 is a scalable carrier-grade platform. Multiple Cisco Products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands. This issue being tracked by Cisco Bug ID CSCvb66189 and CSCvb86775. A local attacker could exploit this vulnerability by injecting specially crafted command parameters into affected CLI commands to read or write arbitrary files with user privileges and gain access to the device

A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP. Vendors have confirmed this vulnerability Bug ID CSCuy94366 It is released as.Denial of service by an adjacent attacker (DoS) There is a possibility of being put into a state. The Cisco ASR903 and ASR920 are router products. An unauthenticated attacker with a physical location is causing the affected system to refuse service. Cisco ASR 903 and ASR 920 Series are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuy94366. The RSP2 card is a wideband radio spectrum processor

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. The Cisco Integrated Management Controller is a baseboard management controller that provides embedded server management for CiscoUCSC-SeriesRackServers. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCvc37931. The vulnerability stems from the fact that the program does not correctly perform input validation on parameters in HTTP requests

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE Software is prone to a local command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands within the context of the application. This issue is being tracked by Cisco Bug ID's CSCuz06639 and CSCuz42122. The vulnerability is caused by the program's insufficient validation of the value of the ROMMON variable

A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action frame processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the 802.11 WME packet header. An attacker could exploit this vulnerability by sending malformed 802.11 WME frames to a targeted device. A successful exploit could allow the attacker to cause the WLC to reload unexpectedly. The fixed versions are 8.0.140.0, 8.2.130.0, and 8.3.111.0. Cisco Bug IDs: CSCva86353. Vendors have confirmed this vulnerability Bug ID CSCva86353 It is released as.Service operation interruption (DoS) An attack may be carried out. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This product provides functions such as security policy and intrusion detection in wireless LAN

A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198. Vendors have confirmed this vulnerability Bug ID CSCvb48198 It is released as.Service operation interruption (DoS) An attack may be carried out. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. An unauthenticated remote attacker caused a denial of service

A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device. The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in to the device with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 8.2.111.0, regardless of whether the device is configured as a master, subordinate, or standalone access point. Release 8.2 was the first release of Cisco Mobility Express Software for next generation Cisco Aironet Access Points. Cisco Bug IDs: CSCva50691. Vendors have confirmed this vulnerability Bug ID CSCva50691 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. The former is a router; the latter is a wireless access point product

A vulnerability in RADIUS Change of Authorization (CoA) request processing in the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by disconnecting a single connection. This vulnerability affects Cisco Wireless LAN Controller running software release 8.3.102.0. More Information: CSCvb01835. Known Fixed Releases: 8.4(1.49) 8.3(111.0) 8.3(108.0) 8.3(104.24) 8.3(102.3). Vendors have confirmed this vulnerability Bug ID CSCvb01835 It is released as.Service operation interruption (DoS) An attack may be carried out. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. A denial of service vulnerability exists in Cisco WirelessLANController. An attacker could exploit this vulnerability to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCvb01835. The vulnerability is caused by the program not performing sufficient input validation on the RADIUS CoA packet header

A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). Cisco Aironet 1800 , 2800 ,and 3800 Series platform contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvb13893 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local privilege elevation vulnerability exists in the Cisco Aironet AccessPoints platform. This issue is being tracked by Cisco Bug ID CSCvb13893. The vulnerability is caused by the program not properly managing user credentials

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). Vendors have confirmed this vulnerability Bug ID CSCvb70351 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. This issue is being tracked by Cisco Bug ID CSCvb70351. CLI command parser is one of the CLI (command line interface) command parsers

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). Vendors have confirmed this vulnerability Bug ID CSCvc60031 , CSCvc60041 , CSCvc60095 ,and CSCvc60102 It is released as.Information may be obtained. Multiple Cisco Products are prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCvc60031, CSCvc60041, CSCvc60095 and CSCvc60102. The former is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; the latter is a set of network management solutions. The web interface is one of the web interfaces. A remote attacker could exploit this vulnerability to obtain sensitive information by sending a specially crafted HTTP request to the target application