VARIoT IoT vulnerabilities database

VAR-201702-0815 CVE-2017-3791 Cisco Prime Home web-based GUI authentication bypass vulnerability CVSS V2: 10.0
CVSS V3: 10.0
Severity: CRITICAL
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions 6.3.0.0 and later, prior to the first fixed release, 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug ID: CSCvb49837. Cisco Prime Home is a service-provider solution for managing connected devices in the subscriber's home; it provides a unified view of those devices, reduces home-network operating costs and improves user experience, among other features. The web-based GUI is its browser-based management interface. Successful exploitation may lead to further attacks
VAR-201702-0377 CVE-2016-3020 IBM Security Access Manager security restriction bypass vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content. The product provides access management through integrated appliances for web, mobile and cloud computing
VAR-201702-0817 CVE-2017-3806 Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance arbitrary shell command injection vulnerability CVSS V2: 4.6
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118), 2.1(1.47), 92.1(1.1646), 92.1(1.1763), 92.2(1.101). Multiple Cisco products are prone to this local command-injection vulnerability, which is tracked by Cisco Bug ID CSCvb61343
VAR-201702-0798 CVE-2017-3809 Cisco Firepower Management Center Policy deployment module incomplete rule base deployment vulnerability CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0, 6.2.0. Known Fixed Releases: 6.1.0.1, 6.2.0. Cisco Firepower Management Center (FMC) is Cisco's next-generation firewall management software; Policy deployment is the module that pushes policies to managed devices. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvb95281
VAR-201702-0800 CVE-2017-3812 Cisco Industrial Ethernet 2000 Series Switches denial-of-service vulnerability CVSS V2: 7.1
CVSS V3: 6.8
Severity: MEDIUM
A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCvc54788. Cisco Industrial Ethernet 2000 (IE2000) Series Switches are Cisco's industrial Ethernet switch line. The vulnerability stems from the program's failure to properly handle specially crafted CIP packets; the resulting memory leak lets a remote attacker cause a denial-of-service condition
VAR-201702-0785 CVE-2017-3814 Cisco Firepower System Software web content blocking bypass vulnerability CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0, 5.4.0, 6.0.0, 6.0.1, 6.1.0. The vendor has confirmed this vulnerability and tracks it as Bug ID CSCvb93980. Cisco Firepower System Software is the software of Cisco's next-generation firewall (NGFW) products. A remote attacker can bypass the configured web content blocking by appending malicious text to the end of the URL string, and so perform unauthorized operations
VAR-201702-0786 CVE-2017-3818 Cisco AsyncOS Software for ESA MIME scanner user filter bypass vulnerability CVSS V2: 5.0
CVSS V3: 5.8
Severity: MEDIUM
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092. Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) is the operating system Cisco ships on its Email Security Appliance. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCvb65245
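The weakness class behind this entry is a content filter whose reading of a MIME header differs from the recipient's. The Python below is an added example, not Cisco's code and not the specific malformed-header case behind CSCvb65245: it assumes a filter that pulls attachment filenames out of the raw header with a regex, and a constructed message whose filename is carried in RFC 2231 parameter continuations (filename*0, filename*1), which Python's standard email parser, standing in for the recipient's mail client, reassembles into the real name.

```python
import email
import re

# Constructed sample message (not a real capture). The attachment's filename is
# split across RFC 2231 continuation parameters instead of one filename="...".
SAMPLE_MESSAGE = """\
From: sender@example.test
To: victim@example.test
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*0="invo"; filename*1="ice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Assumed filter implementation: a regex over raw header text that only
# understands the plain  filename="..."  form.
NAIVE_FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)


def naive_attachment_names(raw_message):
    """Filenames as the regex-based filter sees them."""
    return [m.group(1) for m in NAIVE_FILENAME_RE.finditer(raw_message)]


def parsed_attachment_names(raw_message):
    """Filenames as an RFC-aware parser (Python's email package) sees them."""
    msg = email.message_from_string(raw_message)
    names = []
    for part in msg.walk():
        name = part.get_filename()   # joins filename*0, filename*1, ... per RFC 2231
        if name:
            names.append(name)
    return names


def blocks_attachment(names, blocked_suffixes=(".exe",)):
    """The filter's verdict: block if any extracted name has a blocked suffix."""
    return any(n.lower().endswith(blocked_suffixes) for n in names)


def compare(raw_message):
    """What each parser extracted and whether each would block the message."""
    naive = naive_attachment_names(raw_message)
    parsed = parsed_attachment_names(raw_message)
    return {
        "naive_names": naive,
        "parsed_names": parsed,
        "naive_blocks": blocks_attachment(naive),
        "parsed_blocks": blocks_attachment(parsed),
    }


if __name__ == "__main__":
    print(compare(SAMPLE_MESSAGE))
```

The regex filter sees no filename at all and lets the message through; the RFC-aware parser sees invoice.exe. The fix on the filter side is to run the same parser the delivery path runs (or a stricter one, rejecting headers it cannot fully parse) rather than pattern-matching the raw header text.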
VAR-201702-0787 CVE-2017-3820 Cisco ASR 1000 Series Aggregation Services Routers running IOS XE SNMP high CPU usage denial-of-service vulnerability CVSS V2: 6.8
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1, 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1, 15.4(3)S6.2, 15.5(3)S2.2, 15.5(3)S3, 15.6(0.22)S0.23, 15.6(1)S2, 16.2(0.295), 16.3(0.94), 15.5.3S3. Cisco IOS XE Software is the operating system running on the Cisco ASR 1000 Series Aggregation Services Routers; its 'Simple Network Management Protocol (SNMP)' function on these routers contains the vulnerability. This issue is tracked by Cisco Bug ID CSCux68796. The following versions are affected: Cisco IOS XE Software Release 3.13.6S, 3.16.2S, 3.17.1S
VAR-201702-0789 CVE-2017-3822 Cisco Firepower Threat Defense Firepower Device Manager arbitrary audit log entry vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X, ASA5506W-X, ASA5506H-X, ASA5508-X, ASA5516-X, ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. Cisco Firepower is a firewall product line developed by Cisco. The vulnerability is caused by the program's insufficient validation of input. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is tracked by Cisco Bug ID CSCvb86860
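The entry names the cause (insufficient input validation) but not the mechanism. The most common way an untrusted field turns into an arbitrary audit record is a line break inside it, so the Python below, an added example and not Cisco's code, shows that pattern with a constructed value: a line-oriented writer that splices the field in as-is, next to two mitigations, a structured one-JSON-object-per-line record and a sanitizer for plain-text logs. The field names and record layout are hypothetical.

```python
import json

# Constructed attacker-controlled value: a user-name field carrying a newline
# followed by text shaped like a second, fully formed audit record.
FORGED_USER = "guest\nuser=admin action=login result=ok"


def write_naive(log, user, action):
    """The weak pattern: untrusted text spliced straight into a line-oriented log."""
    log.append("user=%s action=%s" % (user, action))


def write_structured(log, user, action):
    """One JSON object per line; json.dumps escapes CR, LF and quotes in every field."""
    log.append(json.dumps({"user": user, "action": action}, sort_keys=True))


def sanitize_field(value):
    """For plain-text logs: neutralise record/field separators and other control characters."""
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in value)


def write_sanitized(log, user, action):
    log.append("user=%s action=%s" % (sanitize_field(user), sanitize_field(action)))


def records(log):
    """What a reader or SIEM sees: the stored log, split into lines."""
    return "\n".join(log).split("\n")


def parse_structured(log):
    return [json.loads(line) for line in records(log)]


def demo():
    naive, structured, sanitized = [], [], []
    write_naive(naive, FORGED_USER, "login")
    write_structured(structured, FORGED_USER, "login")
    write_sanitized(sanitized, FORGED_USER, "login")
    return {
        "naive_records": records(naive),
        "structured_records": records(structured),
        "structured_parsed": parse_structured(structured),
        "sanitized_records": records(sanitized),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

One event written through the naive writer reads back as two records, the second of which claims a successful admin login; through either mitigation it stays one record, and the structured form still preserves the attacker's raw input for investigators without letting it masquerade as a separate entry.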
VAR-201702-0791 CVE-2017-3824 Cisco cBR Series Converged Broadband Routers denial-of-service (DoS) vulnerability CVSS V2: 5.4
CVSS V3: 6.8
Severity: MEDIUM
A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S, 15.6(1)S. Known Fixed Releases: 15.5(3)S2, 15.6(1)S1, 15.6(2)S, 15.6(2)SP, 16.4(1). The vendor has confirmed this vulnerability and tracks it as Bug ID CSCux40637. A remote attacker can submit a specially crafted request whose list header field triggers the flaw, reloading the device and denying service to legitimate users. The cBR platform supports software-defined networking (SDN) and virtualization technologies to virtualize, integrate and automate cable operators' access architectures
VAR-201702-0180 CVE-2016-3016 IBM Security Access Manager malicious code loading vulnerability CVSS V2: 3.5
CVSS V3: 4.4
Severity: MEDIUM
IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code. Multiple IBM products are prone to this security-bypass vulnerability; an attacker may exploit it to bypass certain security restrictions and perform unauthorized actions. IBM Security Access Manager is IBM's information-security management product, providing access management through integrated appliances for web, mobile and cloud computing. Attackers can exploit this vulnerability to upload malicious code. The following versions are affected: IBM Security Access Manager for Web versions 7.0 and 8.0, Security Access Manager for Mobile version 8.0, and Security Access Manager version 9.0
VAR-201702-0366 CVE-2016-3024 IBM Security Access Manager for Web locally stored page information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 4.0
Severity: MEDIUM
IBM Security Access Manager for Web allows web pages to be stored locally, where they can be read by another user on the system. A local attacker can exploit this issue to gain access to sensitive information, which may lead to further attacks. The product provides access management through integrated appliances for web, mobile and cloud computing
VAR-201702-0293 CVE-2016-8341 Ecava IntegraXor web server SQL injection vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: HIGH
An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection; because the queries are not sanitized, the host's database could be subject to read, write, and delete commands. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the name parameter in getdata requests. The issue lies in the failure to properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Ecava IntegraXor is a web-based tool for creating and running HMI interfaces for SCADA systems. An attacker could exploit the vulnerability to compromise an affected application, access or modify data, or exploit a potential vulnerability in the underlying database. IntegraXor version 5.0.413.0 is vulnerable
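An added example, not IntegraXor's code: a hypothetical getdata handler in Python over an in-memory SQLite database, with the request's name parameter pasted into the query text the way the entry describes, beside the parameterized form. The tag table, the users table and the stored values are constructed for the demonstration.

```python
import sqlite3


def make_demo_db():
    """Constructed in-memory database standing in for the HMI's data store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tags (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO tags VALUES (?, ?)",
                     [("pump1", "on"), ("valve3", "closed"), ("setpoint", "42")])
    conn.execute("CREATE TABLE users (login TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-admin-password')")
    return conn


def getdata_vulnerable(conn, name):
    """Hypothetical handler: the name parameter becomes part of the SQL text."""
    sql = "SELECT name, value FROM tags WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def getdata_fixed(conn, name):
    """Same query with the value bound as a parameter; it is never parsed as SQL."""
    return conn.execute("SELECT name, value FROM tags WHERE name = ?",
                        (name,)).fetchall()


# Two inputs an attacker might send as the name parameter (constructed).
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT login, pw_hash FROM users --"


def run_demo():
    """Run the same inputs through both handlers and return what each yields."""
    conn = make_demo_db()
    return {
        "normal": getdata_fixed(conn, "pump1"),
        "vuln_tautology": getdata_vulnerable(conn, TAUTOLOGY),
        "vuln_union": getdata_vulnerable(conn, UNION_DUMP),
        "fixed_tautology": getdata_fixed(conn, TAUTOLOGY),
        "fixed_union": getdata_fixed(conn, UNION_DUMP),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The tautology returns every tag and the UNION returns the users table through the vulnerable handler; the parameterized handler returns nothing for either, because the quote and the keywords are data, not syntax. sqlite3's execute() accepts one statement per call, so the stacked-query write and delete variants the advisory mentions do not show here; drivers that allow several statements per call fall to exactly the same concatenation.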
VAR-201802-0051 CVE-2016-8529 HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS remote arbitrary command execution vulnerability CVSS V2: 7.3
CVSS V3: 7.6
Severity: HIGH
A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version. Multiple HP products are prone to this unspecified remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application; failed exploits will result in denial-of-service conditions. From the HPE bulletin (current version: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382958): SUPPORT COMMUNICATION - SECURITY BULLETIN, Document ID: c05382958, Version: 1, HPSBST03588 rev 1. The vulnerability could be remotely exploited resulting in arbitrary command execution. References: CVE-2016-8529 - Remote Arbitrary Command Execution. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HISTORY: Version 1 (rev.1) - 31 January 2017, initial release
VAR-201704-0001 CVE-2007-6759 SHDesigns Resident Download Manager does not authenticate firmware downloads CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices. Dataprobe iBootBar is a remote power-management product from Dataprobe Corporation of the United States that provides serial ports, an optional internal modem and DTMF audio dialing control, among other features. The vulnerability affects Dataprobe iBootBar units running the 2007-09-20 firmware
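This entry and the IBM Security Access Manager entry VAR-201702-0180 above describe the same omission: code is executed or written to the device before anyone has checked where it came from or whether it is intact. The Python below is an added example, not SHDesigns', Dataprobe's or IBM's code, of the checks an update path performs before touching the payload: origin (a tag over the manifest), anti-rollback (version must advance) and integrity (payload hash pinned in the manifest). Its assumptions: the device holds a verification key provisioned at manufacture, and the tag is an HMAC-SHA256 only so the example runs on the standard library; a production design uses an asymmetric signature so the device stores a public key and no signing secret.

```python
import hashlib
import hmac
import json

# Assumed device-side verification key (constructed; an HMAC key is a
# stand-in for a signature public key, see the note above the block).
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def build_bundle(key, version, payload):
    """What the vendor's build step would emit: manifest, tag over manifest, payload."""
    manifest = json.dumps({"version": list(version),
                           "sha256": hashlib.sha256(payload).hexdigest()},
                          sort_keys=True).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "payload": payload}


def verify_bundle(key, bundle, installed_version):
    """Origin, anti-rollback and integrity checks, all before the payload is used."""
    manifest = bundle["manifest"]
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, bundle["tag"]):
        return False, "manifest not authenticated"
    meta = json.loads(manifest)
    if tuple(meta["version"]) <= tuple(installed_version):
        return False, "rollback or replay rejected"
    if hashlib.sha256(bundle["payload"]).hexdigest() != meta["sha256"]:
        return False, "payload hash mismatch"
    return True, "ok"


def apply_update(key, bundle, installed_version):
    """Return (version installed afterwards, reason). Payload is written only on success."""
    ok, reason = verify_bundle(key, bundle, installed_version)
    if not ok:
        return tuple(installed_version), reason
    # A real updater would write bundle["payload"] to flash here.
    return tuple(json.loads(bundle["manifest"])["version"]), "installed"


def demo():
    """Constructed scenarios: a good update, a tampered one, a forged one, an old one."""
    installed = (1, 4)
    good = build_bundle(DEVICE_KEY, (1, 5), b"firmware image bytes v1.5")
    tampered = dict(good, payload=good["payload"] + b"\x90")
    forged = build_bundle(b"attacker-key", (1, 9), b"backdoored image")
    old = build_bundle(DEVICE_KEY, (1, 3), b"firmware image bytes v1.3")
    return {
        "good": apply_update(DEVICE_KEY, good, installed),
        "tampered": apply_update(DEVICE_KEY, tampered, installed),
        "forged": apply_update(DEVICE_KEY, forged, installed),
        "old": apply_update(DEVICE_KEY, old, installed),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The order matters: the manifest is authenticated first, so the version and hash it carries are trusted before they are compared against anything, and the payload hash is checked last so a valid manifest cannot be paired with a substituted image. A download manager that skips all three is exactly what the SHDesigns entry describes.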
VAR-201701-0161 CVE-2016-10174 NETGEAR WNR2000v5 Router buffer overflow vulnerability

Related entries in the VARIoT exploits database: VAR-E-201612-0016, VAR-E-201612-0015
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. The NETGEAR WNR2000v5 is a popular consumer router. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A stack-buffer overflow vulnerability. An attacker may leverage these issues to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected
VAR-201701-0162 CVE-2016-10175 NETGEAR WNR2000v5 router serial number disclosure vulnerability

Related entries in the VARIoT exploits database: VAR-E-201612-0016, VAR-E-201612-0015
CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password when used in combination with the CVE-2016-10176 vulnerability, which allows resetting the answers to the password-recovery questions. The NETGEAR WNR2000v5 is a popular consumer router. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A stack-buffer overflow vulnerability. An attacker may leverage these issues to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected
VAR-201701-0163 CVE-2016-10176 NETGEAR WNR2000v5 router unauthenticated sensitive operation vulnerability

Related entries in the VARIoT exploits database: VAR-E-201612-0016, VAR-E-201612-0015
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. The NETGEAR WNR2000v5 is a popular consumer router; it has an authentication-bypass vulnerability that an attacker could exploit to bypass the authentication mechanism and perform unauthorized operations. Netgear WNR2000 is prone to the following vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A stack-buffer overflow vulnerability. An attacker may leverage these issues to bypass the authentication mechanism and perform unauthorized actions, obtain sensitive information, or execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Netgear WNR2000 firmware version 5 is affected; other versions may also be affected
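This entry's apply_noauth.cgi and the RBAC-of-URLs flaw in the Cisco Prime Home entry VAR-201702-0815 above share one root cause: authorization is decided from the request path rather than from the action the path reaches, so a second URL to the same handler silently waives the check. The Python below is an added example, not NETGEAR's, Cisco's or uhttpd's code, and its device state, route table and role map are hypothetical. It contrasts a dispatcher with an allowlist of unauthenticated URLs against one where every route carries the role it requires and unknown routes are refused.

```python
# Hypothetical device state and request shape (no vendor's API).

class Device:
    """State touched by the privileged handler."""
    def __init__(self):
        self.recovery_answers = {"q1": "fluffy", "q2": "paris"}
        self.audit = []


class Request:
    def __init__(self, path, params=None, session_user=None):
        self.path = path
        self.params = params or {}
        self.session_user = session_user   # None: no authenticated session


def set_recovery_answers(dev, req):
    """Privileged action: whoever reaches it can later recover the admin password."""
    dev.recovery_answers = {k: req.params.get(k) for k in ("q1", "q2")}
    dev.audit.append((req.session_user, req.path))
    return 200


def status_page(dev, req):
    """Harmless public page."""
    return 200


# --- Vulnerable shape: authentication is decided from the URL alone ----------
UNAUTHENTICATED_PATHS = {"/status.html", "/apply_noauth.cgi"}
ROUTES = {
    "/status.html": status_page,
    "/apply.cgi": set_recovery_answers,
    "/apply_noauth.cgi": set_recovery_answers,   # second URL to the same privileged handler
}


def dispatch_vulnerable(dev, req):
    """HTTP-style status: 401 only if a non-exempt path is hit without a session."""
    if req.path not in UNAUTHENTICATED_PATHS and req.session_user is None:
        return 401
    handler = ROUTES.get(req.path)
    return handler(dev, req) if handler else 404


# --- Hardened shape: the requirement travels with the handler; deny by default
ROUTES_HARDENED = {
    "/status.html": (status_page, None),                 # None: no role needed
    "/apply.cgi": (set_recovery_answers, "admin"),
    "/apply_noauth.cgi": (set_recovery_answers, "admin"),
}


def dispatch_hardened(dev, req, roles):
    """roles maps session user -> role, e.g. {"admin": "admin"}; unknown paths are 404."""
    entry = ROUTES_HARDENED.get(req.path)
    if entry is None:
        return 404
    handler, needed = entry
    if needed is None:
        return handler(dev, req)
    if req.session_user is None:
        return 401
    if roles.get(req.session_user) != needed:
        return 403
    return handler(dev, req)


if __name__ == "__main__":
    dev = Device()
    req = Request("/apply_noauth.cgi", {"q1": "x", "q2": "y"})
    print("vulnerable:", dispatch_vulnerable(dev, req), dev.recovery_answers)
    dev = Device()
    print("hardened:", dispatch_hardened(dev, req, {"admin": "admin"}), dev.recovery_answers)
```

In the vulnerable dispatcher a reviewer has to cross-read two tables, the exemption list and the route table, to see that a privileged handler is reachable without a session. In the hardened one the requirement sits beside the handler it protects, a route with no declared requirement does not exist, and unauthenticated (401) and wrong-role (403) requests are refused before the handler runs, so adding another URL to the same action cannot loosen anything.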
VAR-201701-0164 CVE-2016-10177 D-Link DWR-932B router default admin and root password vulnerability

Related entries in the VARIoT exploits database: VAR-E-201701-0681
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234. The D-Link DWR-932B is a wireless router product from D-Link; the vulnerability exists in routers using firmware version 02.02eu, and an attacker could exploit it to bypass security restrictions and perform unauthorized operations. The D-Link DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions, bypass the authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks
VAR-201701-0165 CVE-2016-10178 D-Link DWR-932B router HELODBG "/sbin/telnetd -l /bin/sh" command launch vulnerability

Related entries in the VARIoT exploits database: VAR-E-201701-0681
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on the D-Link DWR-932B router. Sending HELODBG to port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command, i.e. a telnet daemon whose login program is /bin/sh. The D-Link DWR-932B has an input-validation vulnerability that allows remote attackers to submit a special request and execute the "/sbin/telnetd -l /bin/sh" command. The D-Link DWR-932B is prone to the following security vulnerabilities: 1. An insecure default-password vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. Multiple security weaknesses 5. An information-disclosure vulnerability 6. A command-injection vulnerability 7. Multiple directory-traversal vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform unauthorized actions, bypass the authentication mechanism, gain access to potentially sensitive information, or execute arbitrary commands in the context of the affected device. This may lead to further attacks. The vulnerability exists in D-Link DWR-932B routers using firmware version 02.02eu; an attacker could exploit it to gain privileges