VARIoT IoT vulnerabilities database


VAR-201704-1023 CVE-2016-8790 Multiple Huawei CloudEngine software buffer overflow vulnerability CVSS V2: 5.5
CVSS V3: 5.7
Severity: MEDIUM
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. The CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800, and CloudEngine 12800 are Huawei switch devices. A buffer overflow vulnerability exists in the CFM (Connectivity Fault Management) feature of several Huawei products. Multiple Huawei CloudEngine Products are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to reboot the affected device to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Huawei CloudEngine 5800 and others are data center switches of China's Huawei (Huawei). The following products and models are affected: CloudEngine 5800 V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 V100R006C00; CloudEngine 12800 V100R003C10, V100R005C00, V100R005C10, V100R006C00
VAR-201611-0326 CVE-2016-9372 Wireshark Profinet I/O Parser Denial of Service Vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the Profinet I/O parsers in Wireshark versions 2.2.0 through 2.2.1 and versions 2.0.0 through 2.0.7. An attacker could exploit the vulnerability to cause a denial of service (crash). Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. Successful exploitation of the issue will cause excessive CPU resource consumption, resulting in a denial-of-service condition. Wireshark 2.2.0 and 2.2.1 are vulnerable
VAR-201611-0169 CVE-2016-6460 Cisco Firepower System Software FTP REST API vulnerability that bypasses FTP malware detection rules CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. Cisco Firepower System Software is prone to a remote security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug IDs CSCuv36188 and CSCuy91156
VAR-201611-0170 CVE-2016-6461 Cisco Adaptive Security Appliance HTTP web-based management interface arbitrary XML command injection vulnerability CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30). The vendor has confirmed this vulnerability and released it as Bug ID CSCva38556. A remote attacker may insert XML commands. Cisco ASA is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCva38556. Cisco Adaptive Security Appliance (ASA, Adaptive Security Appliance) is a set of firewall equipment of Cisco (Cisco). The appliance also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam, and more
VAR-201704-0421 CVE-2016-8796 Service disruption (DoS) vulnerability in multiple Huawei USG products CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01 allow unauthenticated attackers to send abnormal DHCP request packets to the affected products to trigger a DoS condition. Multiple Huawei products are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. The Huawei USG9520 and others are the unified security gateway products of China's Huawei (Huawei). Several Huawei devices have a denial of service vulnerability. The following devices are affected: Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 V300R001C01
VAR-201611-0171 CVE-2016-6462 Cisco Email Security Appliance AsyncOS email filtering function AMP filter bypass vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. The device provides spam protection, email encryption, and data loss prevention. Cisco Email Security Appliance has a security bypass vulnerability that an attacker can use to bypass security restrictions and perform unauthorized operations. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCva13456
VAR-201611-0172 CVE-2016-6463 Cisco Email Security Appliance AsyncOS email filtering function AMP filter bypass vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuz85823. Known Affected Releases: 10.0.0-082 9.7.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. The Cisco AsyncOS operating system is designed to enhance the security and performance of Cisco Email Security appliances. Cisco AsyncOS has a security bypass vulnerability that an attacker can use to bypass security restrictions and perform unauthorized operations. This issue is being tracked by Cisco Bug ID CSCuz85823
VAR-201611-0173 CVE-2016-6466 Service disruption (DoS) vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the following Cisco products: Cisco ASR 5000/5500 Series routers, Cisco Virtualized Packet Core (VPC). More Information: CSCva13631. Known Affected Releases: 20.0.0 20.1.0 20.2.0 20.2.3 20.2.v1 21.0.0 21.0.M0.64246. Known Fixed Releases: 20.2.3 20.2.3.65026 20.2.a4.65307 20.2.v1 20.2.v1.65353 20.3.M0.65037 20.3.T0.65043 21.0.0 21.0.0.65256 21.0.M0.64595 21.0.M0.64860 21.0.M0.65140 21.0.V0.65052 21.0.V0.65150 21.0.V0.65366 21.0.VC0.64639 21.1.A0.64861 21.1.A0.65145 21.1.PP0.65270 21.1.R0.65130 21.1.R0.65135 21.1.R0.65154 21.1.VC0.64898 21.1.VC0.65203 21.2.A0.65147. A denial of service vulnerability exists in the Cisco ASR 5000 Series that could allow an attacker to restart a device and deny service to legitimate users. This issue is being tracked by Cisco Bug ID CSCva13631
VAR-201611-0174 CVE-2016-6472 Cisco Unified Communication Manager ccmivr page cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404). An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvb37121. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201704-0501 CVE-2016-8769 Huawei UTPS Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed. Huawei UTPS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UTPS is prone to a local privilege-escalation vulnerability. Local attackers may exploit this issue to execute arbitrary code with elevated privileges. Huawei Unified Terminal PC suite (UTPS) is a data card management application software run on a PC by Huawei, China. There is a privilege escalation vulnerability in versions earlier than Huawei UTPS V200R003B015D16SPC00C983
VAR-201702-0308 CVE-2016-8361 Lynxspring JENEsys BAS Bridge Vulnerabilities that can be compromised without authentication CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication. Lynxspring is an American company. BAS Bridge is a web-based SCADA system. BAS server deployment areas include commercial facilities, manufacturing, energy, water and wastewater systems, and more. There is a verification bypass vulnerability in Lynxspring JENEsys BAS Bridge. 1. A privilege-escalation vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. A cross-site request-forgery vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, gain elevated privileges or perform certain unauthorized actions and gain access to the affected application that may aid in launching further attacks
VAR-201702-0082 CVE-2016-8378 Lynxspring JENEsys BAS Bridge Security Bypass Vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. Lynxspring is an American company. BAS Bridge is a web-based SCADA system. BAS server deployment areas include commercial facilities, manufacturing, energy, water and wastewater systems, and more. Lynxspring JENEsys BAS Bridge has a security bypass vulnerability. An attacker exploits a vulnerability to obtain a certificate of authentication, bypassing the verification. 1. A privilege-escalation vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. A cross-site request-forgery vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, gain elevated privileges or perform certain unauthorized actions and gain access to the affected application that may aid in launching further attacks
VAR-201702-0076 CVE-2016-8369 Lynxspring JENEsys BAS Bridge Cross-Site Request Forgery Vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY). Lynxspring is an American company. BAS Bridge is a web-based SCADA system. BAS server deployment areas include commercial facilities, manufacturing, energy, water and wastewater systems, and more. Requests are not fully validated by the application. An attacker can exploit a vulnerability to create or delete users. 1. A privilege-escalation vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. A cross-site request-forgery vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, gain elevated privileges or perform certain unauthorized actions and gain access to the affected application that may aid in launching further attacks
VAR-201702-0304 CVE-2016-8357 Lynxspring JENEsys BAS Bridge Vulnerability that allows arbitrary changes in applications with read-only access CVSS V2: 5.5
CVSS V3: 7.1
Severity: HIGH
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. Lynxspring is an American company. BAS Bridge is a web-based SCADA system. BAS server deployment areas include commercial facilities, manufacturing, energy, water and wastewater systems, and more. A privilege elevation vulnerability exists in Lynxspring JENEsys BAS Bridge. 1. A privilege-escalation vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 4. A cross-site request-forgery vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, gain elevated privileges or perform certain unauthorized actions and gain access to the affected application that may aid in launching further attacks
VAR-201611-0161 CVE-2016-6450 Cisco IOS XE package unbundle utility write access vulnerability CVSS V2: 1.9
CVSS V3: 2.5
Severity: LOW
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). Cisco IOS XE is Cisco's next-generation network operator routing system, a fully modular and fully distributed network interconnection operating system. Cisco IOS XE Software has a directory traversal vulnerability that stems from a program failing to adequately filter user-supplied input, and an attacker can use path traversal characters ("../") to access or read arbitrary files. This issue is being tracked by Cisco Bug IDs CSCva60013 and CSCvb22622
VAR-201611-0409 No CVE Beijing Netcom Technology Co., Ltd. Netcom Internet Control Gateway ns-icg has weak password vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Beijing Wangkang Technology Co., Ltd. Wangkang Internet Control Gateway is a software and hardware integrated Internet control management product. Beijing Wangkang Technology Co., Ltd.'s Wangkang Internet Control Gateway ns-icg has a weak password vulnerability that allows attackers to use this vulnerability to successfully log in to the system and obtain sensitive information.
VAR-201701-0401 CVE-2016-3149 Barco ClickShare CSC-1 and CSM-1 Vulnerability to execute arbitrary code in device firmware CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. Barco ClickShare is prone to a remote code-execution vulnerability. Failed exploit attempts may cause a denial-of-service condition. Versions prior to Barco ClickShare 01.09.03 and 01.06.02 are vulnerable. Barco ClickShare CSC-1 etc. are wireless presentation systems of Belgium Barco (Barco). CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200 Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200) A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update Affected versions: all versions prior to v01.09.03 (CSC-1) It is possible to download and extract the firmware image of the CSC-1 and obtain the root password. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V
VAR-201701-0402 CVE-2016-3150 Cross-site scripting vulnerability in wallpaper.php in the Base Unit of multiple Barco ClickShare device firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. Versions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. The following devices are affected: Barco ClickShare CSC-1 devices with firmware prior to 01.09.03; CSM-1 devices with firmware prior to 01.06.02; CSE-200 devices with firmware prior to 01.03.02. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update Affected versions: all versions prior to v01.09.03 (CSC-1) It is possible to download and extract the firmware image of the CSC-1 and obtain the root password. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. 
References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V
VAR-201701-0403 CVE-2016-3151 Directory traversal vulnerability in the wallpaper parsing function of multiple Barco ClickShare device firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors. Barco ClickShare is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks. Versions prior to Barco ClickShare 01.09.03, 01.06.02 and 01.03.02 are vulnerable. Barco ClickShare CSC-1 etc. are wireless presentation systems of Belgium Barco (Barco). A remote attacker can exploit this vulnerability to read the /etc/shadow file. CVE-2016-3152 - /etc/shadow file disclosure in the CSC-1 firmware update Affected versions: all versions prior to v01.09.03 (CSC-1) It is possible to download and extract the firmware image of the CSC-1 and obtain the root password. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V
VAR-201701-0404 CVE-2016-3152 Barco ClickShare CSC-1 device firmware root password acquisition vulnerability CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Barco ClickShare is prone to a vulnerability that lets attacker access arbitrary files because it fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to view arbitrary files within the context of the affected application. Versions prior to Barco ClickShare 01.09.03 are vulnerable. Barco ClickShare CSC-1 is a wireless presentation system from Barco, Belgium. Base Unit is one of the basic integration kits. A remote code execution vulnerability exists within the Barco ClickShare base unit software, that could lead to full compromise of the appliance. CVE-2016-3150 - Cross-site Scripting in Barco ClickShare CSC-1, CSM-1 and CSE-200 Affected versions: all versions prior to v01.09.03 (CSC-1), v01.06.02 (CSM-1) and v01.03.02 (CSE-200) A Cross-Site Scripting vulnerability exists within Barco ClickShare's CSC-1 base unit's wallpaper.php due to invalid input and output sanitisation. A Path Traversal vulnerability exists within Barco ClickShare's wallpaper parsing functionality, which leads to disclosure of the /etc/shadow file on the file system. The vendor has acknowledged and patched the aforementioned issues. It is recommended to download and apply the most recent firmware update for your appliance. References: http://www.barco.com/en/mybarco/mysupport/documentation/software/software-detail?nr=R33050020&rev=001002000009 http://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050037&rev=001001000113 https://www.barco.com/en/mybarco/mysupport/productsupport/software/software-detail?nr=R33050070&rev=001001000008 -- Regards, Vincent Ruijter Ethical Hacker Chief Information Security Office KPN B.V