VARIoT IoT vulnerabilities database

VAR-201508-0094 CVE-2015-6267 Cisco IOS XE on Cisco ASR 1000 devices denial-of-service (DoS) vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router has a security vulnerability in its handling of L2TP packets that allows remote attackers to crash the target ESP and overload the target device by sending special messages. The Cisco ASR 1000 Series Routers are prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCsw95722 and CSCsw95496.
VAR-201903-0641 CVE-2015-6458 Moxa SoftCMS buffer error vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioRecord method in the RTSPVIDEO ActiveX control. The implementation copies the user-supplied string for the ip parameter to a fixed-size stack buffer without validating its size, which can lead to a stack buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Moxa SoftCMS is a central management software for managing large surveillance systems. Moxa SoftCMS 1.3 and earlier has a buffer overflow vulnerability. Moxa SoftCMS is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input. The software supports real-time video monitoring, video playback, event management, etc. The vulnerability is caused by the program not correctly verifying the size of the 'ip' parameter.
VAR-201903-0640 CVE-2015-6457 Moxa SoftCMS buffer error vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: MEDIUM
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setConfigPath method of the IPCam.IPCam_Video_Render_Plugin.1 control. The implementation copies the user-supplied string to a field in a heap-based buffer without validating its size, which can lead to a heap buffer overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Moxa SoftCMS is a central management software for managing large surveillance systems. Moxa SoftCMS is prone to multiple unspecified buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input. The software supports real-time video monitoring, video playback, event management, etc. The vulnerability stems from the program not fully verifying the 'strIP' and 'strUserName' parameters in the setUserInfoData method of the VLCPlugin control, the input strings of the Open3 method in the RTSPVIDEO.rtspvideoCtrl.1 control, the input strings for multiple methods (AudioRecord, Open, and Open2) in the RTSPVIDEO ActiveX control, and the input strings for multiple methods (setRecordPrefix, setStreamRecordData, and setConfigPath) in the IPCam.IPCamVideoRender_Plugin.1 control.
VAR-201508-0628 No CVE Multiple vulnerabilities in OSIsoft PI Data Archive
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The OSIsoft PI System is a suite of data acquisition, analysis, and visualization software. PI Server is the core product of PI System. OSIsoft PI Data Archive is a component of PI Server that efficiently stores and archives data for high-performance retrieval through client software. OSIsoft PI Data Archive has multiple security vulnerabilities that allow remote attackers to elevate permissions, execute arbitrary code, or obtain sensitive information.
VAR-201508-0629 No CVE Rockwell Automation 1766-L32 Series Remote File Contains Vulnerabilities
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Rockwell Automation 1766-L32 Series is a series of programmable logic controllers (PLCs). The Rockwell Automation 1766-L32 Series fails to adequately filter user-submitted input, allowing remote attackers to submit special requests to view system file content with web privileges.
VAR-201508-0392 CVE-2015-3966 Innominate mGuard device firmware denial-of-service (DoS) vulnerability in the IPsec SA establishment process
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. Innominate mGuard is prone to a denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition, denying service to legitimate users. Innominate mGuard 8.0.0 through 8.1.6 are vulnerable. Innominate mGuard is a product suite from the German company Innominate that includes network security devices such as firewalls and VPNs.
VAR-201508-0076 CVE-2015-5698 Siemens SIMATIC S7-1200 CPU Device Cross-Site Request Forgery Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201805-0361
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. The Siemens SIMATIC S7-1200 CPU device is a small programmable controller from Siemens AG that is well suited to the needs of small and medium-sized automation systems. A remote attacker could exploit this vulnerability to perform unauthorized operations. Siemens SIMATIC S7-1200 is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Other attacks are also possible. Versions prior to SIMATIC S7-1200 4.1.3 are vulnerable
VAR-201508-0100 CVE-2015-6273 Cisco IOS XE on Cisco ASR 1000 devices denial-of-service (DoS) vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a denial of service (Embedded Services Processor crash) via crafted IP packets, aka Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. The vendor has released this vulnerability as Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623. A third party may cause a denial of service (Embedded Services Processor crash) via crafted IP packets. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router has a security vulnerability in its handling of IP packets that allows remote attackers to send special IP packets that trigger the flaw in the VFR function and crash the target ESP. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause an affected device to reload, resulting in a denial-of-service condition. These issues are being tracked by Cisco Bug IDs CSCtf87624, CSCte93229, CSCtd19103, and CSCti63623.
VAR-201508-0093 CVE-2015-6266 Cisco Identity Services Engine 3300 series guest portal vulnerability allowing retrieval of important information from customized documents
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. The vendor has released this vulnerability as Bug ID CSCuo78045. A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuo78045. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files.
VAR-201510-0730 CVE-2015-4973 IBM Multi-Enterprise Integration Gateway and B2B Advanced Communications Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. IBM B2B Advanced Communications is a B2B advanced communications product. Multiple IBM products are prone to an unspecified cross-site scripting vulnerability because they fail to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201508-0095 CVE-2015-6268 Cisco IOS XE on Cisco ASR 1000 devices denial-of-service (DoS) vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. The Cisco ASR1000 Series Aggregation Services Router provides a WAN edge solution that combines information, communications, collaboration and business. The Cisco ASR 1000 Series Router has a security vulnerability in the processing of UDP packets. A remote attacker can exploit the vulnerability by sending special IPv4 packets, which the ESP then processes, causing device overload. Cisco IOS XE Software is prone to a denial-of-service vulnerability. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsw95482.
VAR-201508-0092 CVE-2015-6265 Cisco ACE 4700 series Application Control Engine Appliance CLI access restriction bypass vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. The Cisco Application Control Engine 4700 A5 is a next-generation load balancing and application delivery solution for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. A local attacker may exploit this issue to gain elevated system privileges on the device. This issue is being tracked by Cisco Bug ID CSCur23662
VAR-201508-0342 CVE-2015-4555 Multiple TIBCO products HTTP management interface buffer overflow vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Rendezvous Daemon (rvd), Routing Daemon (rvrd), Secure Daemon (rvsd), Secure Routing Daemon (rvsrd), Gateway Daemon (rvgd), Daemon Adapter (rvda), Cache (rvcache), Agent (rva), and Relay Agent (rvrad) components. TIBCO Rendezvous and the other affected products are products of TIBCO Software Corporation of the United States. TIBCO Rendezvous is a middleware product that helps users quickly build and deploy large-scale distributed applications; Substation ES is a substation product that integrates communications software and provides real-time information exchange; Messaging Appliance is messaging software that reduces transmission delays, improves predictive capabilities, and improves message throughput. A buffer overflow vulnerability exists in the HTTP management interface for several TIBCO products. A remote attacker could exploit the vulnerability to cause a denial of service or to execute arbitrary code. Multiple TIBCO products are prone to multiple buffer-overflow vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. The following products are vulnerable: TIBCO Rendezvous 8.4.3 and prior; TIBCO Rendezvous Network Server 1.1.0 and prior; TIBCO Substation ES 2.8.1 and prior; TIBCO Messaging Appliance 8.7.1 and prior.
VAR-201508-0129 CVE-2015-6261 Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability
CVSS V2: 4.0
CVSS V3: -
Severity: MEDIUM
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. An attacker can exploit this issue to gain access to sensitive information that may help in further attacks. This issue is being tracked by Cisco Bug ID CSCuv78531.
VAR-201508-0370 CVE-2015-4173 Dell SonicWall NetExtender firmware privilege escalation vulnerability in the autorun value
CVSS V2: 6.9
CVSS V3: -
Severity: MEDIUM
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Supplementary information: the vulnerability type has been identified as CWE-428: Unquoted Search Path or Element. http://cwe.mitre.org/data/definitions/428.html Local users may gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Dell SonicWall NetExtender is prone to a remote privilege-escalation vulnerability. Remote attackers can exploit this issue to execute arbitrary code with elevated privileges. Dell SonicWall NetExtender is a thin client from Dell for SonicWALL network security appliances (NSA) that supports secure connections to remote networks and can run any application, upload and download files, etc.
Dell SonicWall NetExtender Unquoted Autorun Privilege Escalation
Vendor Website: http://www.sonicwall.com
INDEX: 1. CVE 2. Background 3. Description 4. Affected Products 5. Solution 6. Credit 7. Disclosure Timeline
1. CVE: 2015-4173
2. BACKGROUND: SonicWALL NetExtender is a transparent software application that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network. Users can upload and download files, mount network drives, and access resources in the same way as if they were on the local network. The NetExtender connection uses a Point-to-Point Protocol (PPP) connection
3. DESCRIPTION: Placement of a malicious binary by a potential attacker within the parent path could allow privileged code execution upon administrative login.
4. AFFECTED PRODUCTS: Dell SonicWall NetExtender 7.5.215
5. SOLUTION: Upgrade to firmware version 7.5.1.2 or 8.0.0.3.
6. CREDIT: This vulnerability was discovered by Andrew Smith of Sword & Shield Enterprise Security.
7. DISCLOSURE TIMELINE:
5-24-2015 - Vulnerability Discovered/Vendor Informed
5-28-2015 - Vendor Confirmed Report/Vendor Gives Fix Timeline
5-29-2015 - CVE Requested
8-14-2015 - Fix Released and Public Disclosure by Vendor
VAR-201508-0091 CVE-2015-6262 Cisco Prime Infrastructure cross-site request forgery vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. The vendor has released this vulnerability as Bug IDs CSCum49054 and CSCum49059. A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCum49054 and CSCum49059.
VAR-201508-0286 CVE-2015-5058 Multiple F5 BIG-IP products denial-of-service (DoS) vulnerability in the virtual server component
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets. F5 BIG-IP LTM and the other affected products are all products of F5, a company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Virtual server is one of their software components. The following products and versions are affected: F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5; BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0; and BIG-IQ ADC 4.5.0.
VAR-201508-0071 CVE-2015-5566 Adobe Flash Player and Adobe AIR arbitrary code execution vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Supplementary information: the vulnerability type has been identified as CWE-416: Use-after-free. http://cwe.mitre.org/data/definitions/416.html An attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 18.0.0.209 and earlier and Adobe Flash Player Extended Support Release 13.0.0.309 and earlier on Windows and Macintosh platforms; Adobe Flash Player for Google Chrome 18.0.0.209 and earlier on Windows, Macintosh and Linux platforms; Adobe Flash Player for Microsoft Edge and Internet Explorer 11 18.0.0.209 and earlier on Windows 10; Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.209 and earlier on Windows 8.0 and 8.1; Adobe Flash Player for Linux 11.2.202.491 and earlier on Linux platforms; AIR Desktop Runtime 18.0.0.180 and earlier on Windows and Macintosh platforms; and AIR SDK 18.0.0.180 and earlier and AIR SDK & Compiler 18.0.0.180 and earlier on Windows, Macintosh, Android and iOS platforms.
VAR-201508-0128 CVE-2015-6258 Cisco Wireless LAN Controller device software Internet Access Point Protocol module vulnerability causing unauthorized traffic forwarding
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. Cisco Wireless LAN Controller is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCuv40033. A security vulnerability exists in the IAPP module in Cisco WLC devices using version 8.1(104.37) software.
VAR-202002-0860 CVE-2015-2909 Dedicated Micros DVR products use plaintext protocols and require no password by default
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords.". Dedicated Micros digital video recorder products by default communicate in plain text that is not encrypted and do not authenticate users with a password. Missing encryption of sensitive data (CWE-311): Dedicated Micros digital video recorder products by default use protocols that do not encrypt communication contents, such as HTTP, Telnet, and FTP. It is the end user's responsibility to configure the device to use a more secure protocol. Therefore, with the default settings, communications may be viewed or altered by a third party. CWE-311: Missing Encryption of Sensitive Data https://cwe.mitre.org/data/definitions/311.html Improper access control (CWE-284) - CVE-2015-2909: Dedicated Micros digital video recorder products do not require user authentication by default. End users can set a password on the device, but it is not required. With the default settings, the device may be freely accessed or altered by a third party. CWE-284: Improper Access Control https://cwe.mitre.org/data/definitions/284.html Sensitive data can be viewed and manipulated by a remote attacker. Also, control of devices that are not configured securely can be completely taken away. A number of Dedicated Micros products have security vulnerabilities that allow remote attackers to gain unauthorized access to the device. This may aid in further attacks.