VARIoT IoT vulnerabilities database
| VAR-201702-0925 | CVE-2016-9339 | INTERSCHALT Maritime Systems VDR G4e Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an attacker to read files on the system (a path traversal). INTERSCHALT VDR G4e is prone to a directory-traversal vulnerability.
An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks. INTERSCHALT Maritime Systems VDR G4e is a marine voyage data recorder from INTERSCHALT Maritime Systems, Germany.
| VAR-201702-0847 | CVE-2016-9344 | Moxa MiiNePort Session Hijacking Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.
There are security holes in Moxa MiiNePort. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability.
Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions.
| VAR-201702-0849 | CVE-2016-9346 | Multiple Moxa MiiNePort product vulnerabilities |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted. Moxa MiiNePort is an embedded device networking module designed by Moxa for manufacturers to connect serial devices to the network.
An information disclosure vulnerability exists in Moxa MiiNePort, which originates from the program's failure to encrypt configuration data in files. An attacker could use this vulnerability to gain access to the target system. Multiple Moxa MiiNePort products are prone to an information-disclosure vulnerability and a security-bypass vulnerability.
Successful attacks can allow an attacker to obtain sensitive information or bypass certain security restrictions.
| VAR-201702-0371 | CVE-2016-3043 | IBM Security Access Manager Vulnerability in which important information is obtained |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM Security Access Manager is prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. There are information disclosure vulnerabilities in many ISAM products.
| VAR-201612-0160 | CVE-2016-6467 | Cisco ASR 5000 Series Aggregation Services Routers Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected reload of the Network Processing Unit (NPU) process. More Information: CSCva84552. Known Affected Releases: 20.0.0 21.0.0 21.0.M0.64702. Known Fixed Releases: 21.0.0 21.0.0.65256 21.0.M0.64970 21.0.V0.65150 21.1.A0.64973 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.VC0.65203. The Cisco ASR 5000 Series Aggregation Services Routers is a set of 9000 Series router devices from Cisco. A remote denial of service vulnerability exists in Cisco ASR 5000 Series Aggregation Services Routers. An attacker could exploit this vulnerability to overload an affected device and deny service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCva84552.
| VAR-201612-0368 | CVE-2016-9206 | Reflected cross-site scripting vulnerability in the ccmadmin page of Cisco Unified Communications Manager |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvb64641. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML.
| VAR-201612-0369 | CVE-2016-9207 | Cisco Expressway HTTP traffic server component vulnerability allowing TCP connections to arbitrary hosts |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9. The vendor has confirmed this vulnerability and released it as CSCvc10834. A remote attacker may be able to initiate TCP connections to arbitrary hosts. Multiple Cisco Products are prone to a security-bypass vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCvc10834.
| VAR-201612-0371 | CVE-2016-9209 | Cisco FirePOWER System Software TCP processing vulnerability allowing download of files that would normally be blocked |
CVSS V2: 4.3 CVSS V3: 4.3 Severity: MEDIUM |
A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Affected Products: The following Cisco products are vulnerable: Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Advanced Malware Protection (AMP) for Networks - 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks - 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, FirePOWER Threat Defense for Integrated Services Routers (ISRs), Next Generation Intrusion Prevention System (NGIPS) for Blue Coat X-Series, Sourcefire 3D System Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. More Information: CSCvb20102. Known Affected Releases: 2.9.7.10. Multiple Cisco Products are prone to a security-bypass vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCvb20102. Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. TCP is one of the network transport protocols. Remote attackers can use specially crafted HTTP to exploit this vulnerability to trick users into downloading malicious files, bypassing the malicious file protection mechanism.
| VAR-201612-0372 | CVE-2016-9210 | Cisco Unified Communications Manager Vulnerable to arbitrary file modification on the file system |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
This issue is being tracked by Cisco Bug ID CSCvb61698. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in CUCM due to insufficient detection of client authentication.
| VAR-201612-0373 | CVE-2016-9211 | Unexpected reload vulnerability in TCP port management of Cisco ONS 15454 Series MSPP |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51.
An attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuw26032. An attacker can exploit this vulnerability by sending a large number of TCP packets to the target device to cause a program reset.
| VAR-201612-0374 | CVE-2016-9212 | Cisco Web Security Appliance AsyncOS End-User Notification configuration parameter vulnerability that bypasses block settings |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. Web Security Appliance (WSA) is a network security device from Cisco Systems Inc. There is a remote security bypass vulnerability in Web Security Appliance. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized actions that may be helpful in further attacks.
This issue is tracked by Cisco Bug ID CSCvb49012. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to access a prohibited website.
| VAR-201612-0481 | CVE-2016-9214 | Cisco Identity Services Engine Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCvb86332 and CSCvb86760. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The vulnerability is caused by the program's insufficient detection of parameters entered in the HTTP GET or POST method. A remote attacker could exploit this vulnerability to intercept user packets and inject malicious code.
| VAR-201612-0482 | CVE-2016-9215 | Cisco IOS XR Software vulnerability allowing login to a device with root user privileges |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches.
Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges.
This issue is tracked by Cisco Bug ID CSCva38434.
| VAR-201612-0153 | CVE-2016-8104 | Intel PROSet/Wireless Software driver buffer overflow vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
Versions prior to Intel PROSet/Wireless Software and Drivers 19.20.3 are vulnerable.
| VAR-201612-0529 | No CVE | Remote Denial of Service Vulnerability in GE Configuration Software iFIX V5.8 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GE Proficy HMI / SCADA-iFIX configuration software is used for process visualization, data acquisition, analysis, and operation monitoring. The software uses the SCADA engine, has multiple connection options, and uses an open, highly scalable distributed network model.
A remote denial of service vulnerability exists in the GE configuration software iFIX V5.8. Because the iFIX configuration system fails to properly receive the input data of the Modbus PLC, a remote attacker can use this vulnerability from a lower computer to cause the configuration system to stop working, resulting in a remote denial of service.
| VAR-201612-0634 | No CVE | SQL injection vulnerability in '/improtexport.php' of multiple D-Link product series |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The D-Link DAR-8000-X series and the DAR-7000-x series of online behavior auditing gateways provide Internet access behavior management solutions. There are SQL injection vulnerabilities in multiple D-Link products. The vulnerable file is /improtexport.php: base64_decode is used to decode the parameters entered by the user, so that the previous defense is bypassed. (Here x stands for the different products.)
| VAR-201612-0635 | No CVE | Many Sony IPELA ENGINE IP Cameras have backdoor vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SNC-CH115, SNC-CH120, SNC-CH160, etc. are Sony’s IP camera products.
Many Sony IPELA ENGINE IP Cameras have backdoor vulnerabilities. Remote attackers can use the vulnerabilities to use Telnet/SSH services for remote management, thereby gaining root privileges of the Linux shell, affecting camera image quality and other functions.
| VAR-201612-0643 | No CVE | SQL injection vulnerability in the hid_id and oldpwd parameters of multiple D-Link behavioral gateway series |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The D-Link DAR-8000-X series and the DAR-7000-x series of online behavior auditing gateways provide Internet access behavior management solutions. There are SQL injection vulnerabilities in multiple series of D-Link behavioral gateways. The problematic file is autheditepwd.php, and the injection parameters are hid_id and oldpwd, allowing attackers to exploit the vulnerability to obtain sensitive database information. (Here x stands for the different products.)
| VAR-201612-0653 | No CVE | D-Link '/improtexport.php' Multiple Series Products Have Arbitrary File Write Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The D-Link DAR-8000-X series and DAR-7000-x series of online behavior auditing gateways provide a comprehensive Internet access behavior management solution to fully protect enterprise operational efficiency and information security. There are arbitrary file write vulnerabilities in multiple series of D-Link products. The file in question is /improtexport.php, which allows arbitrary file writes because the system fails to validate user input, resulting in a getshell vulnerability. (Here x stands for the different products.)
| VAR-201704-0505 | CVE-2016-8776 | Huawei P9 and P9 Lite Software authorization vulnerabilities |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Huawei P9 phones with software EVA-AL10C00, EVA-CL10C00, EVA-DL10C00, EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. Huawei P9 and P9 Lite Software contains an authorization vulnerability. Information may be tampered with. Huawei P9 and P9 Lite are Huawei smartphones. Huawei phones contain a Factory Reset Protection (FRP) bypass vulnerability. The attacker exploits the vulnerability to update the Google account without authorization during the FRP reset process, which causes the FRP function to be bypassed.
An attacker may exploit this issue to bypass certain security restrictions and cause denial-of-service conditions. The Huawei P9 and others are smartphones from the Chinese company Huawei. The following versions are affected: Huawei P9 EVA-AL10C00 version, EVA-CL10C00 version, EVA-DL10C00 version, EVA-TL10C00 version; P9 Lite VNS-L21C185 version.