VARIoT IoT vulnerabilities database


VAR-201602-0064 CVE-2016-1331 Cisco Emergency Responder cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. Cisco Emergency Responder contains a cross-site scripting vulnerability. The software provides features such as a real-time location tracking database and caller's location
VAR-201602-0386 CVE-2015-5010 Access-gaining vulnerability in IBM Security Access Manager for Web and Security Access Manager CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Supplementary information: the CWE vulnerability type has been identified as CWE-254: Security Features. http://cwe.mitre.org/data/definitions/254.html A third party may gain access through a brute-force attack. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. It provides user access management and Web application protection functions. There is a security hole in ISAM for Web, which is caused by the fact that the program does not set a locking mechanism for invalid login requests. The following versions are affected: ISAM for Web Version 7.0, Version 8.0, Version 9.0
VAR-201602-0228 CVE-2015-8531 Cross-site scripting vulnerability in IBM Security Access Manager for Web and Security Access Manager CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. It provides user access management and Web application protection functions. A cross-site scripting vulnerability exists in ISAM for Web versions 8.0 and 9.0
VAR-201602-0024 CVE-2016-0866 Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
VAR-201602-0021 CVE-2016-0863 Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. A remote attacker could exploit this vulnerability to perform unauthorized operations
VAR-201602-0022 CVE-2016-0864 Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerability in obtaining critical reports and username information CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software is a Web-based smart grid lighthouse sensor management system developed by Tollgrade Company in the United States. Security vulnerabilities exist in Tollgrade SmartGrid LightHouse SMS Software versions prior to 5.1 and 4.1.0 Build 16
VAR-201602-0023 CVE-2016-0865 Tollgrade SmartGrid LightHouse Sensor Management System Software EMS Vulnerable to arbitrary password changes CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. A remote attacker could exploit this vulnerability to change arbitrary passwords
VAR-201602-0061 CVE-2016-1323 Vulnerability in the Cisco Spark REST interface that allows obtaining sensitive information CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. Cisco Spark is a set of collaborative service solutions from Cisco. By providing a virtual space, the solution allows teams at any location to work together, call and video, discuss issues, store team files and documents, etc
VAR-201602-0053 CVE-2016-1315 Cisco Advanced Malware Protection Vulnerability that bypasses content restrictions in the proxy engine CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. Vendors have confirmed this vulnerability; it is released as Bug ID CSCux45338. Supplementary information: the CWE vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A third party may be able to bypass content restrictions via malformed email messages that contain encoded files. The solution supports access to the best global threat intelligence to strengthen network defenses and continuous analysis of file and data traffic to defend against front-line threats. The proxy engine is one of its components. The following releases are affected: Cisco ESA Release 9.5.0-201, Release 9.6.0-051, Release 9.7.0-125
VAR-201602-0058 CVE-2016-1320 Cisco Prime Collaboration CLI vulnerability allowing arbitrary OS command execution as root CVSS V2: 6.8
CVSS V3: 6.7
Severity: MEDIUM
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. Cisco Prime Collaboration is a set of enterprise collaboration network management solutions from Cisco. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A local attacker can exploit this vulnerability to execute arbitrary operating system commands with root privileges
VAR-201602-0060 CVE-2016-1322 Vulnerability in the Cisco Spark REST interface that bypasses access restrictions CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. Cisco Spark is a set of collaborative service solutions from Cisco. By providing a virtual space, the solution allows teams at any location to work together, call and video, discuss issues, store team files and documents, etc
VAR-201602-0062 CVE-2016-1324 Denial-of-service (DoS) vulnerability in the Cisco Spark REST interface CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. Vendors have confirmed this vulnerability; it is released as Bug ID CSCuv84125. A third party may cause a denial of service (resource outage) by accessing the management page. Cisco Spark is a set of collaborative service solutions from Cisco. By providing a virtual space, the solution allows teams at any location to work together, call and video, discuss issues, store team files and documents, etc
VAR-201602-0071 CVE-2016-1287 Cisco Adaptive Security Appliance (ASA) IKEv1 and IKEv2 contains a buffer overflow vulnerability CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7), 9.4 before 9.4(2.4), and 9.5 before 9.5(2.2) on ASA 5500 devices, ASA 5500-X devices, ASA Services Module for Cisco Catalyst 6500 and Cisco 7600 devices, ASA 1000V devices, Adaptive Security Virtual Appliance (aka ASAv), Firepower 9300 ASA Security Module, and ISA 3000 devices allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via crafted UDP packets, aka Bug IDs CSCux29978 and CSCux42019. The Internet Key Exchange version 1 and 2 (IKEv1, IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) contains a buffer overflow vulnerability. By exploiting the vulnerability, an attacker can execute code remotely. Buffer overflow (CWE-119) - CVE-2016-1287. The Exodus Intelligence advisory states: "The algorithm for re-assembling IKE payloads fragmented with the Cisco fragmentation protocol contains a bounds-checking flaw that allows a heap buffer to be overflowed with attacker-controlled data. A sequence of payloads with carefully chosen parameters causes a buffer of insufficient size to be allocated in the heap which is then overflowed when fragment payloads are copied into the buffer. Attackers can use this vulnerability to execute arbitrary code on affected devices." (The algorithm for recombining IKE payloads divided by the Cisco fragmentation protocol is flawed in its bounds checking, allowing the buffer on the heap to overflow with data that an attacker can control. Given a specially crafted payload sequence, a smaller buffer is reserved on the heap and an overflow occurs when the payload is copied into the buffer. An attacker can exploit this vulnerability to execute arbitrary code on the affected device.) CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer http://cwe.mitre.org/data/definitions/119.html Systems that are configured to terminate IKEv1 or IKEv2 VPN connections are affected by this vulnerability. The Cisco Security Advisory describes how to check whether a system is affected by the vulnerability (whether a crypto map is configured). Cisco Security Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike If a remote attacker sends a crafted UDP packet directly to the affected device, arbitrary code can be executed and the system can be hijacked. Cisco ASA is an adaptive security appliance that provides a modular platform for security and VPN services, providing firewall, IPS, anti-X and VPN services. The platform provides features such as highly secure access to data and network resources
VAR-201602-0387 CVE-2015-5012 SSH vulnerability in IBM Security Access Manager for Web appliances that breaks cryptographic protection mechanisms CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. IBM Security Access Manager for Web is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. It provides user access management and Web application protection functions. There is a security loophole in the SSH implementation of ISAM for Web. The loophole is caused by the program not correctly restricting the set of MAC algorithms. The following versions are affected: ISAM for Web Version 7.0, Version 8.0, Version 9.0
VAR-201602-0083 CVE-2016-2231 Denial-of-service (DoS) vulnerability in the Windows-based Host Interface Program service running on Huawei SmartAX MT882 devices CVSS V2: 9.0
CVSS V3: 9.8
Severity: CRITICAL
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701. Supplementary information: the CWE vulnerability type has been identified as CWE-19: Data Handling. Huawei SmartAX MT882 is a router product. A denial of service vulnerability exists in the Huawei SmartAX MT882 device V200R002B022 Arg. The WHIP service relies on the client to send the length field. This allows a remote attacker to cause a denial of service through crafted traffic on TCP port 8701. Huawei SmartAX MT882 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. There is a security vulnerability in the Windows-based Host Interface Program (WHIP) service of Huawei SmartAX MT882 V200R002B022 Arg version. The vulnerability comes from the fact that the program determines the buffer size according to the length field in the data packet sent by the client
VAR-201602-0072 CVE-2016-2314 Denial-of-service (DoS) vulnerability in GlobespanVirata ftpd used on Huawei SmartAX MT882 devices CVSS V2: 6.3
CVSS V3: 4.9
Severity: MEDIUM
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. GlobespanVirata ftpd, as used on Huawei SmartAX MT882 devices, contains a denial-of-service (device outage) vulnerability. Supplementary information: the CWE vulnerability type has been identified as CWE-17: Code. Huawei SmartAX MT882 is a router product. Huawei SmartAX MT882 is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. GlobespanVirata ftpd is an FTP service. There is a security vulnerability in GlobespanVirata ftpd 1.0 used in Huawei SmartAX MT882 V200R002B022 Arg version
VAR-201602-0123 CVE-2016-2397 Deserialization vulnerability in the cliserver implementation of multiple Dell SonicWALL products CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. Supplementary information: the CWE vulnerability type has been identified as CWE-77: Improper Neutralization of Special Elements used in a Command (Command injection). An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Multiple Dell SonicWALL Products are prone to a remote code-execution vulnerability. Successful exploitation can completely compromise the vulnerable device. The following products are vulnerable: Dell SonicWALL Global Management System, Dell SonicWALL Analyzer, Dell SonicWALL Universal Management Appliance. NOTE: This BID is being retired as it is a duplicate of BID 83200 (Multiple Dell SonicWALL Products Multiple Remote Code Execution Vulnerabilities). GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software
VAR-201602-0122 CVE-2016-2396 Arbitrary command execution vulnerability in the GMS ViewPoint web application of multiple Dell SonicWALL products CVSS V2: 9.0
CVSS V3: 9.9
Severity: CRITICAL
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. Supplementary information: the CWE vulnerability type has been identified as CWE-77: Improper Neutralization of Special Elements used in a Command (Command injection). Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. An attacker could leverage this vulnerability to execute code with root privileges on the underlying operating system. Dell SonicWALL GMS (Global Management System), Analyzer and UMA EM5000 are all products of Dell. GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Analyzer is a set of network analyzer software for SonicWALL infrastructure. UMA EM5000 is a set of general management equipment software. The following products and versions are affected: Dell SonicWALL GMS, Analyzer, UMA EM5000 version 7.2, version 8.0, version 8.1 before Hotfix 168056
VAR-201602-0291 CVE-2015-7675 Ipswitch MOVEit DMZ and MOVEit Mobile Vulnerabilities that can bypass authentication CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allows remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx. Ipswitch MOVEit is an automated file transfer system from Ipswitch Corporation in the United States. The system supports control, management, and visibility into all business-critical file transfer activities through a single, secure system. DMZ and Mobile are versions of it
VAR-201602-0292 CVE-2015-7677 FileID enumeration vulnerability in the MOVEitISAPI service of Ipswitch MOVEit DMZ CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll. Ipswitch MOVEit is an automated file transfer system from Ipswitch Corporation in the United States. The system supports control, management, and visibility into all business-critical file transfer activities through a single, secure system. DMZ is one version of this. There is a security vulnerability in the MOVEitISAPI service of Ipswitch MOVEit DMZ 8.1 and earlier versions. A remote attacker can exploit this vulnerability to enumerate FileIDs by using the 'X-siLock-FileID' parameter in the download operation of the MOVEitISAPI/MOVEitISAPI.dll file