VARIoT IoT vulnerabilities database


VAR-201701-0353 CVE-2016-8221 Lenovo XClarity Administrator Vulnerability in which privileges are elevated CVSS V2: 1.9
CVSS V3: 7.0
Severity: HIGH
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. Lenovo XClarity Administrator is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Versions prior to Lenovo XClarity Administrator 1.2.0 are vulnerable. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The solution supports simplified infrastructure management, faster server response, and improved Lenovo server system performance. Attackers can use this vulnerability to log in to the LXCA system, download log files, and obtain temporary management passwords and access rights to the LXCA system
VAR-201701-0688 CVE-2017-5182 Linux for Open Enterprise Server of Remote Manager Vulnerable to directory traversal CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for Linux; it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077. Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc., which provides network services, file and print services, and network management functions. Novell Open Enterprise Server has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks
VAR-201711-0256 CVE-2017-2690 Huawei SoftCo And multiple eSpace Resource management vulnerabilities in product software CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
SoftCo with software V200R003C20, eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30, eSpace U1911 with software V200R003C20, V200R003C30, eSpace U1930 with software V200R003C20 and V200R003C30, eSpace U1960 with software V200R003C20, V200R003C30, eSpace U1980 with software V200R003C20, V200R003C30, eSpace U1981 with software V200R003C20 and V200R003C30 have a denial of service (DoS) vulnerability, which allows an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition. Huawei SoftCo and multiple eSpace products contain a resource management vulnerability in the product software that may result in service interruption (DoS). Huawei SoftCo is a series of switch products from China Huawei. eSpace is a communication solution of Huawei. Multiple Huawei products are prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. The following products and versions are affected: Huawei SoftCo V200R003C20; eSpace U1910 V200R003C00, V200R003C20, V200R003C30; eSpace U1911 V200R003C20, V200R003C30; eSpace U1930 V200R003C20, V200R003C30; eSpace U1960 V200R003C20, V200R003C30; eSpace U1980 V200R003C20, V200R003C30; eSpace U1981 V200R003C20, V200R003C30
VAR-201704-0493 CVE-2016-8758 Huawei Mate 8 Smartphone software ION Service operation interruption in memory management module (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). Huawei Mate 8 is a smartphone product from China's Huawei company. An attacker could use the vulnerability to entice a user to install a malicious application to enter specific parameters into the phone, causing the system to reboot. Huawei M8 products are prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition
VAR-201705-3366 CVE-2017-2302 Juniper Networks Run on products and platforms Junos OS Data processing vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Juniper Junos OS is a network operating system of Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Juniper Networks Junos OS. The following versions are affected: 12.1X46 before 12.1X46-D55, 12.1X47 before 12.1X47-D45, 12.3R13 before 12.3R13, 12.3X48 before 12.3X48-D35, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.1X55 before 14.1X55-D35, 14.2 before 14.2R6, 15.1 before 15.1F2 or 15.1R1, 15.1X49 before 15.1X49-D20
VAR-201705-3364 CVE-2017-2300 Juniper Networks SRX Runs on a series service gateway chassis cluster Junos OS Data processing vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets. Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash and restart the affected device, denying service to legitimate users. Junos OS is a network operating system dedicated to the company's hardware systems. An attacker could exploit this vulnerability by means of a specially crafted multicast packet to cause a denial of service (the flowd daemon crashes). The following releases are affected: Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60
VAR-201705-3365 CVE-2017-2301 Juniper Networks Run on products and platforms Junos OS Data processing vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses. Junos OS running on Juniper Networks products and platforms contains a data processing vulnerability when DHCPv6 is enabled, which may result in service interruption (DoS). Juniper Junos is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash and restart the affected device, denying service to legitimate users. Juniper Junos OS is a network operating system of Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK
VAR-201701-1184 No CVE SAP NetWeaver XML External Entity Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
SAP NetWeaver Java is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. SAP NetWeaver 7.5 is vulnerable.
VAR-201701-1171 No CVE QNAP NAS Device Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
QNAP NAS is a network storage device from Taiwan's QNAP Systems Technology Co., Ltd. for home, SOHO, and SMB users. The QNAP NAS device's /home/httpd/cgi-bin/cgi.cgi file has a buffer overflow vulnerability that could allow an attacker to execute arbitrary code in the context of an application or to cause a denial of service.
VAR-201702-0674 CVE-2017-5153 OSIsoft PI Coresight and PI Web API Information Disclosure Vulnerability CVSS V2: 2.1
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials. OSIsoft PI Coresight and PI Web API contain an information disclosure vulnerability. Information may be disclosed via server log files. OSIsoft PI Coresight is a web-based tool for secure access to PI System data. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition
VAR-201704-1577 CVE-2017-7696 SAP AS JAVA SSO Authentication Library Service disruption in (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. SAP Single Sign On is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions
VAR-201704-1563 CVE-2017-7717 SAP NetWeaver AS Java of ES UDDI Component getUserUddiElements In the method SQL Injection vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. SAP NetWeaver is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SAP NetWeaver 7.40 is vulnerable; other versions may also be affected
VAR-201701-0380 CVE-2016-8106 Intel Ethernet Controller X710/XL710 Service disruption in non-volatile memory images (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. Intel Ethernet Controller X710 and so on are Intel's Ethernet controllers. A denial of service vulnerability exists in Non-Volatile Memory versions before 5.05 in Intel Ethernet Controller X710 and XL710. This vulnerability could be exploited by a remote attacker to cause the controller to stop processing network traffic. Multiple Intel Ethernet Controllers are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Intel Ethernet Controller X710/XL710 versions prior to 5.05 are vulnerable.
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05368378
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05368378
Version: 1
HPSBHF03695 rev.1 - HPE Ethernet Adaptors, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
- HPE ProLiant XL260a G9 Server - All versions
- HPE Ethernet 10Gb 2-port 562FLR-SFP+ Adapter - All versions
- HPE Ethernet 10Gb 2-port 562SFP+ Adapter - All versions
- HPE Ethernet 10Gb 4-port 563SFP+ Adapter - All versions
BACKGROUND
CVSS Base Metrics
Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2016-8106 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following updates to resolve the vulnerability with the impacted HPE Ethernet Adaptors. The HPE Ethernet Adaptor images use NVM version 4.x and have been updated with the HotFix, which is available at the following locations:
- 32-bit Linux: <https://www.hpe.com/global/swpublishing/MTX-cea984d66d07469b8048f079b >
- 64-bit Linux: <https://www.hpe.com/global/swpublishing/MTX-c4fd6fcbe4fd4390a0f2c915e >
- 32-bit Windows: <https://www.hpe.com/global/swpublishing/MTX-3dd92e868b204929bdfd7a3 c7>
- 64-bit Windows: <https://www.hpe.com/global/swpublishing/MTX-9cb85937af1540a79337ee4 c8>
- VMware: <https://www.hpe.com/global/swpublishing/MTX-b1185092d8334d4cb91321273e>
Note: For more details, please refer to the Intel Security Advisory INTEL-SA-00063 about this vulnerability: <https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00063&langu geid=en-fr>.
HISTORY
Version:1 (rev.1) - 24 January 2017 Initial release
VAR-201701-1163 No CVE Guofuan Security Authentication Gateway Has Remote Command Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the ha_old.php page of Guofuan Security Authentication Gateway. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.
VAR-201701-1172 No CVE Guofuan Security Authentication Gateway Has Arbitrary Command Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the hot.php page of Guofuan Security Authentication Gateway. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.
VAR-201701-0683 CVE-2017-5217 specific Samsung Android Device software Android OS of system_server Service disruption in the process (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917. 
The vendor has confirmed this vulnerability and released it as SVE-2016-6917. Installing a zero-permission Android application may cause service disruption (continuous crash). Samsung Android is a series of Android smartphones from South Korea's Samsung. There is a security hole in Samsung Android devices. An attacker could exploit the vulnerability with a specially crafted resource profile to cause a system crash that could result in a denial of service. Multiple Samsung Android Mobile Phones are prone to a denial-of-service vulnerability. An attacker can exploit this issue to factory reset the device, resulting in denial-of-service conditions
VAR-201702-0699 CVE-2017-5149 St. Jude Medical Merlin@home Vulnerabilities that allow access to communication between specific endpoints CVSS V2: 6.8
CVSS V3: 8.9
Severity: HIGH
An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. St. Jude Medical Merlin@home transmitter is a product of St. Jude Medical of the United States for remote care management of patients implanted with cardiac devices. Merlin@home has a man-in-the-middle security bypass vulnerability. Merlin@home is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to Merlin@home 8.2.2 are vulnerable.
VAR-201701-0477 CVE-2016-10125 D-Link DGS-1100 Device Rev.B Firmware spoofing device vulnerabilities CVSS V2: 6.8
CVSS V3: 8.1
Severity: HIGH
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. The D-Link DGS-1100 is an Ethernet switch from D-Link. The D-Link DGS-1100 switch is prone to a local security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks
VAR-201701-1164 No CVE Guofuan Security Authentication Gateway Has Arbitrary Command Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the double_view.php page of Guofuan Security Authentication Gateway. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.
VAR-201702-0922 CVE-2016-9334 plural Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Vulnerability in obtaining authentication information in controller CVSS V2: 5.0
CVSS V3: 7.3
Severity: HIGH
An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. Rockwell Automation is a UK company providing information on industrial automation control and globalization. The MicroLogix 1100 and 1400 Series products are used in food, agriculture, and water and wastewater systems. There are unauthorized access vulnerabilities in Rockwell Automation MicroLogix 1100 and 1400. An attacker could exploit the vulnerability to obtain sensitive information, gain unauthorized access to the affected device, or cause a denial of service. An attacker could exploit this vulnerability to obtain certificates