VARIoT IoT vulnerabilities database

The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985. The Cisco Application Policy Infrastructure Controller is a controller that automates the management of application-centric infrastructure (ACI). This issue is being tracked by Cisco Bug ID CSCuu83985

Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. (1) Reports Component WrFreeFormText.asp of UniqueID ( alias sUniqueID) Parameters (2) Find Device Parameters. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications. The vulnerability comes from the fact that the WrFreeFormText.asp file in the Reports component does not fully filter the 'UniqueID' parameter; the program does not fully filter the 'Find Device' parameter

Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. IPSwitch WhatsUp Gold Contains a cross-site scripting vulnerability.By any third party, via Web Script or HTML May be inserted. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlA third party may gain administrative access. The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. The Adcon Telemetry A840 Telemetry Gateway is a core gateway product for monitoring networks in Adcon Telemetry, Austria. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks. The vulnerability is due to the fact that the program does not use SSL to encrypt network communication

Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. Vendors have confirmed this vulnerability Bug ID CSCul83786 It is released as.Service disruption by a third party through an invalid session token ( Stop subsystem ) There is a possibility of being put into a state. This component provides a scalable, distributed, and highly available enterprise IP telephony call processing solution. This issue is being tracked by Cisco Bug ID CSCul83786

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3)S0.1 on ASR devices mishandles internal tables, which allows remote attackers to cause a denial of service (memory consumption or device crash) via a flood of crafted ND messages, aka Bug ID CSCup28217. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOS 15.3(3)S0.1 on ASR. Allowing remote attackers to flood through elaborate ND messages leads to denial of service. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCup28217. The vulnerability is caused by the program not correctly handling the internal form

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands by leveraging Local Management Interface (LMI) access. Attackers can exploit this issue to execute arbitrary OS commands in context of the affected application. Failed exploit attempts will result in denial-of-service conditions. The former is a set of products used in user authentication, authorization and Web single sign-on solutions, which provides user access management and Web application protection functions, and the latter is a set of scalable network access for network, cloud and mobile environments Functional security solutions, which can help customers and enterprises to view user access behaviors in many network applications and services, and solve the security problems caused by them. There are security holes in ISAM for Web and ISAM. The following versions are affected: ISAM for Web versions 7.0 and 8.0, ISAM version 9.0

Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug ID CSCuu15266. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There are security vulnerabilities in CUCM versions 8.0 to 8.6

Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via a multiple-layer PDF document, a different vulnerability than CVE-2015-6696 and CVE-2015-6698. This vulnerability CVE-2015-6696 and CVE-2015-6698 Is a different vulnerability.By attackers, multiple layers PDF Arbitrary code may be executed through the documentation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within AGM.dll. Failed exploit attempts will likely cause a denial-of-service condition. Adobe Acrobat DC, etc. are all products of Adobe (Adobe) in the United States. Acrobat DC is a desktop PDF solution; Acrobat Reader DC is a set of tools for viewing, printing and annotating PDF. 15 and earlier versions

Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. Vendors have confirmed this vulnerability Bug ID CSCuw48188 It is released as.Settings can be changed by third parties through direct requests. The solution supports automated ordering of a unified service catalog of computing, networking, storage, and other data center resources. A remote attacker could exploit this vulnerability to modify the configuration by sending a direct request

Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Akihiro Nakajima of NTT Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged as a proxy server to conduct cyber attacks. CoregaCG-WLBARAGM has a denial of service vulnerability. A remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site that is hosting the vulnerable script

HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. HPENetworkSwitches is a network switch from HP. There are security vulnerabilities in HPENetworkSwitches15.16.x and 15.17.x versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04920918 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04920918 Version: 2 HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-12-11 Last Updated: 2016-02-05 Potential Security Impact: Bypass Security Restrictions, Indirect Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HPE Network Switches. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. References: PSRT102924 CVE-2015-6859 CVE-2015-6860 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HPE Aruba Network Switches Firmware Version KB.15.18.0007 HPE Aruba Network Switches Firmware Version KB.15.18.0006 Note: see the resolution section for a list of impacted switch model numbers BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-6859 (AV:L/AC:L/Au:S/C:P/I:P/A:P) 4.3 CVE-2015-6860 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following software update available to resolve the vulnerability. HPE Network Switch software KB.16.01.0004 Impacted switch model numbers: J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch HISTORY Version:1 (rev.1) - 10 November 2015 Initial release Version:2 (rev.2) - 5 February 2016 Revised impacted software, impacted hardware products and resolution Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWtRJOAAoJEGIGBBYqRO9/pWAIAKRQ3fJDht7qQ0V4UrprOMan N7KBj2Tt7DMqD8+xo4+pxqhJWE7077JKG83mELpvkGKG3t4kUVtc147aNUOOqk7T JvDoIN3JdvMI8bYZaNAPKeUR0bcODQ2eRvkzc1IBhvTlal9qMi13LuJMT369mUDc KobEP3qPUca1RDZOu6TMIzietJJVp+IkMcmtU7BW3chTGEOFW6n39MPzokqvI7PK QK038FTZpLtuN0Xhhfq8RmI3L1Ef33fLPoUnIy0dxGZW7hRfGw4Tu7jk7hU30DDp aC83KOH3uQ9t9XSFts1ln4F7OtGO7mWR0UKKWvuiHvRIErTyiv5OBmAb8mAzLyE= =+zEy -----END PGP SIGNATURE-----

HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. HPENetworkSwitches is a network switch from HP. There are security vulnerabilities in HPENetworkSwitches15.16.x and 15.17.x versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04920918 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04920918 Version: 2 HPSBHF03431 rev.2 - HPE Network Switches, local Bypass of Security Restrictions, Indirect Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-12-11 Last Updated: 2016-02-05 Potential Security Impact: Bypass Security Restrictions, Indirect Vulnerabilities Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HPE Network Switches. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. References: PSRT102924 CVE-2015-6859 CVE-2015-6860 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HPE Aruba Network Switches Firmware Version KB.15.18.0007 HPE Aruba Network Switches Firmware Version KB.15.18.0006 Note: see the resolution section for a list of impacted switch model numbers BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-6859 (AV:L/AC:L/Au:S/C:P/I:P/A:P) 4.3 CVE-2015-6860 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HPE has made the following software update available to resolve the vulnerability. HPE Network Switch software KB.16.01.0004 Impacted switch model numbers: J9821A HP 5406R zl2 Switch J9822A HP 5412R zl2 Switch J9823A HP 5406R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9824A HP 5406R-Gig-T-PoE+/SFP v2 zl2 Swch J9825A HP 5412R-Gig-T-PoE+/SFP+ v2 zl2 Swch J9826A HP 5412R-Gig-T-PoE+/SFP v2 zl2 Swch J9850A HP 5406R zl2 Switch J9851A HP 5412R zl2 Switch J9868A HP 5406R-8XGT/8SFP+ v2 zl2 Swch HISTORY Version:1 (rev.1) - 10 November 2015 Initial release Version:2 (rev.2) - 5 February 2016 Revised impacted software, impacted hardware products and resolution Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWtRJOAAoJEGIGBBYqRO9/pWAIAKRQ3fJDht7qQ0V4UrprOMan N7KBj2Tt7DMqD8+xo4+pxqhJWE7077JKG83mELpvkGKG3t4kUVtc147aNUOOqk7T JvDoIN3JdvMI8bYZaNAPKeUR0bcODQ2eRvkzc1IBhvTlal9qMi13LuJMT369mUDc KobEP3qPUca1RDZOu6TMIzietJJVp+IkMcmtU7BW3chTGEOFW6n39MPzokqvI7PK QK038FTZpLtuN0Xhhfq8RmI3L1Ef33fLPoUnIy0dxGZW7hRfGw4Tu7jk7hU30DDp aC83KOH3uQ9t9XSFts1ln4F7OtGO7mWR0UKKWvuiHvRIErTyiv5OBmAb8mAzLyE= =+zEy -----END PGP SIGNATURE-----

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu10981. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. There are security vulnerabilities in the self-service application of CUCDM version 10.6(1)

Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. The Cisco FireSIGHT Management Center centrally manages the network security and operational features of Cisco ASA with FirePOWER Services and Cisco FirePOWER appliances. A remote attacker can exploit this vulnerability to view sensitive information about the underlying operating system. This issue is tracked by Cisco Bug ID CSCur25410. The following releases are affected: Cisco FireSIGHT MC using Release 4.10.3, Release 5.2.0, Release 5.3.0, Release 5.3.1, Release 5.4.0 software

The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted parameters in an HTTP request, aka Bug ID CSCuv38286. An attacker can exploit this issue to cause a process crash, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvo36134. A security vulnerability exists in Supervisor 1.0.0.0 and 1.0.0.1 releases prior to Cisco IMC 2.0(9)

The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. Vendors have confirmed this vulnerability Bug ID CSCus15224 It is released as.Through unspecified calculations in the handshake of key exchange data by a third party, TLS Key pairs may be identified. The Cisco Small Business RV Series Routers provide virtual private network technology remotely. An attacker can exploit this issue to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. This issue is being tracked by following Cisco Bug IDs: CSCus15224 CSCus15238 CSCus15436 CSCus15440 CSCus15446 CSCus15451 CSCus15463