VARIoT IoT vulnerabilities database
| VAR-201509-0337 | CVE-2015-5185 | Denial-of-service (DoS) vulnerability in the lookupProviders function of providerMgr.c in sblim-sfcb |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. SBLIM-SFCB is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions.
| VAR-201508-0497 | CVE-2015-4331 | Cisco Prime Infrastructure access restriction bypass vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA authentication is used, allows remote authenticated users to bypass intended access restrictions via a username with a modified composition of lowercase and uppercase characters, aka Bug ID CSum59958.
An attacker can exploit this issue to gain elevated privileges on an affected device.
This issue is being tracked by Cisco Bug ID CSum59958. The vulnerability is caused by the program storing case-sensitive usernames and performing case-sensitive string comparisons
| VAR-201508-0127 | CVE-2015-6256 | Denial-of-service (DoS) vulnerability in Cisco ASR 5000 device software |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. The Cisco Aggregation Services Router 5000 and ASR 5500 System Software are Cisco 5000 Series Wireless Controller products from Cisco.
Successful exploitation of the issue will cause the OSPF process to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuv62820. A remote attacker could exploit this vulnerability to cause a denial of service (restart)
| VAR-201508-0055 | CVE-2015-5786 | Apple QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. Apple QuickTime is prone to a remote memory-corruption vulnerability.
Versions prior to QuickTime 7.7.8 running on Windows 7 and Windows Vista are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more.
APPLE-SA-2015-08-20-1 QuickTime 7.7.8
QuickTime 7.7.8 is now available and addresses the following:
QuickTime
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos
CVE-2015-5751 : WalkerFuz
CVE-2015-5779 : Apple
CVE-2015-5785 : Fortinet's FortiGuard Labs
CVE-2015-5786 : Ryan Pentney and Richard Johnson of Cisco Talos
QuickTime 7.7.8 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
You may also update to the latest version of QuickTime via Apple
Software Update, which can be found in the Start menu.
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201508-0054 | CVE-2015-5785 | Apple QuickTime Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786. Apple QuickTime is prone to a remote memory-corruption vulnerability.
Versions prior to QuickTime 7.7.8 running on Windows 7 and Windows Vista are vulnerable. Apple QuickTime is a multimedia playback software developed by Apple (Apple). The software is capable of handling multiple sources such as digital video, media segments, and more.
| VAR-201508-0498 | CVE-2015-4277 | Denial-of-service (DoS) vulnerability in the global-configuration implementation of Cisco ASR 9000 device software |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial of service (tmp/*config file creation, memory consumption, and device hang) via unspecified vectors, aka Bug ID CSCut93842. The Cisco ASR 9000 is Cisco's ultra-large-capacity, carrier-class edge router platform designed for the transformation of next-generation IP networks (IP NGNs); it is a multi-function router product in Cisco's ASR 9000 series. The vulnerability is caused by the program not properly closing the vty session after the commit/end operation.
| VAR-201508-0133 | CVE-2015-6511 | pfSense Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing
| VAR-201508-0132 | CVE-2015-6510 | pfSense Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_var_size parameter to system_advanced_misc.php; the (4) port, (5) snaplen, or (6) count parameter to diag_packet_capture.php; the (7) pppoe_resethour, (8) pppoe_resetminute, (9) wpa_group_rekey, or (10) wpa_gmk_rekey parameter to interfaces.php; the (11) pppoe_resethour or (12) pppoe_resetminute parameter to interfaces_ppps_edit.php; the (13) member[] parameter to interfaces_qinq_edit.php; the (14) port or (15) retry parameter to load_balancer_pool_edit.php; the (16) pkgrepourl parameter to pkg_mgr_settings.php; the (17) zone parameter to services_captiveportal.php; the port parameter to (18) services_dnsmasq.php or (19) services_unbound.php; the (20) cache_max_ttl or (21) cache_min_ttl parameter to services_unbound_advanced.php; the (22) sshport parameter to system_advanced_admin.php; the (23) id, (24) tunable, (25) descr, or (26) value parameter to system_advanced_sysctl.php; the (27) firmwareurl, (28) repositoryurl, or (29) branch parameter to system_firmware_settings.php; the (30) pfsyncpeerip, (31) synchronizetoip, (32) username, or (33) passwordfld parameter to system_hasync.php; the (34) maxmss parameter to vpn_ipsec_settings.php; the (35) ntp_server1, (36) ntp_server2, (37) wins_server1, or (38) wins_server2 parameter to vpn_openvpn_csc.php; or unspecified parameters to (39) load_balancer_relay_action.php, (40) load_balancer_relay_action_edit.php, (41) load_balancer_relay_protocol.php, or (42) load_balancer_relay_protocol_edit.php. pfSense contains multiple cross-site scripting vulnerabilities through which a third party may inject arbitrary web script or HTML via these parameters. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing.
Electric Sheep Fencing pfsense has a cross-site scripting vulnerability that can be exploited by remote attackers to inject arbitrary web scripts or HTML.
| VAR-201508-0131 | CVE-2015-6509 | pfSense Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; (2) adaptiveend, (3) adaptivestart, (4) maximumstates, (5) maximumtableentries, or (6) aliasesresolveinterval parameter to system_advanced_firewall.php; (7) proxyurl, (8) proxyuser, or (9) proxyport parameter to system_advanced_misc.php; or (10) name, (11) notification_name, (12) ipaddress, (13) password, (14) smtpipaddress, (15) smtpport, (16) smtpfromaddress, (17) smtpnotifyemailaddress, (18) smtpusername, or (19) smtppassword parameter to system_advanced_notifications.php. Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing.
| VAR-201508-0482 | CVE-2015-4310 | Cisco Finesse Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975. Cisco Finesse contains a cross-site scripting vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug IDs CSCuq82322, CSCut95853 and CSCuq73975. Cisco Finesse is a set of call center management software developed by Cisco. The software improves call center service quality, improves customer experience, and increases agent satisfaction
| VAR-201508-0611 | CVE-2015-2984 | Multiple I-O DATA LAN routers vulnerable in UPnP functionality |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. The wired LAN router NP-BBRS and the wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality. The device may be used in a DDoS attack as an SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service.
| VAR-201508-0496 | CVE-2015-4329 | Arbitrary OS command execution vulnerability in the administrator web interface of Cisco TelePresence Video Communication Server |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796.
Successfully exploiting this issue may allow an attacker to execute arbitrary operating system commands and gain elevated privileges on the affected device.
This issue is being tracked by Cisco Bug ID CSCuv11796
| VAR-201508-0494 | CVE-2015-4327 | Root privilege escalation vulnerability in the CLI of Cisco TelePresence Video Communication Server Expressway |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542.
Successful exploits will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue is tracked by Cisco Bug ID CSCuv12542. The vulnerability is caused by the program not properly validating the input content in the local file
| VAR-201508-0495 | CVE-2015-4328 | Arbitrary OS command execution vulnerability in Cisco TelePresence Video Communication Server Expressway |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified Communications lookup page, aka Bug ID CSCuv12552. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv12552. A remote authenticated user may execute arbitrary OS commands via crafted HTTP requests.
Successfully exploiting this issue may allow an attacker to execute arbitrary commands on the underlying operating system of the affected device.
This issue is being tracked by Cisco Bug ID CSCuv12552. There is a security vulnerability in Cisco TelePresence VCS Expressway X8.5.2. The vulnerability is caused by the fact that the program does not correctly check the read-only attribute of the user account
| VAR-201508-0126 | CVE-2015-6255 | Cisco Unified Web and E-mail Interaction Manager Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug IDs CSCuo89051 and CSCuq05830. Web Interaction Manager is a product that can help call center business representatives use websites and text chats or real-time Web collaboration to answer customer questions; E-mail Interaction Manager is a product used to manage a large number of customer emails submitted to corporate mailboxes or websites
| VAR-201508-0177 | CVE-2015-3269 | Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: MEDIUM |
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the fmserver user.
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
However, this expanded information is not automatically transferred back to the client, but could be made available by the application.
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0008
Synopsis: VMware product updates address information disclosure
issue
Issue date: 2015-11-18
Updated on: 2015-11-18
CVE number: CVE-2015-3269
------------------------------------------------------------------------
1. Summary
VMware product updates address information disclosure issue.
2. Relevant Releases
VMware vCenter Server 5.5 prior to version 5.5 update 3
VMware vCenter Server 5.1 prior to version 5.1 update u3b
VMware vCenter Server 5.0 prior to version 5.0 update u3e
vCloud Director 5.6 prior to version 5.6.4
vCloud Director 5.5 prior to version 5.5.3
VMware Horizon View 6.0 prior to version 6.1
VMware Horizon View 5.0 prior to version 5.3.4
3. Problem Description
a. vCenter Server, vCloud Director, Horizon View information
disclosure issue. A specially
crafted XML request sent to the server could lead to unintended
information be disclosed.
VMware would like to thank Matthias Kaiser of Code White GmbH for
reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the identifier CVE-2015-3269 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware            Product   Running   Replace with/
Product           Version   on        Apply Patch
=============     =======   =======   =================
vCenter Server    6.0       any       not affected
vCenter Server    5.5       any       5.5 update 3
vCenter Server    5.1       any       5.1 update u3b
vCenter Server    5.0       any       5.5 update u3e
vCloud Director   5.6       any       5.6.4
vCloud Director   5.5       any       5.5.3
Horizon View      6.0       any       6.1
Horizon View      5.3       any       5.3.4
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
vCenter Server
--------------------------------
Downloads and Documentation:
https://www.vmware.com/go/download-vsphere
vCloud Director For Service Providers
--------------------------------
Downloads and Documentation:
https://www.vmware.com/support/pubs/vcd_pubs.html
Horizon View 6.1, 5.3.4:
--------------------------------
Downloads:
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-610-GA&productId=492
https://my.vmware.com/web/vmware/details?downloadGroup=VIEW-534-PREMIER&productId=396
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3269
------------------------------------------------------------------------
6. Change log
2015-11-18 VMSA-2015-0008
Initial security advisory
------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05026202
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05026202
Version: 2
HPSBGN03550 rev.2 - HP Operations Manager i and BSM using Apache Flex
BlazeDS, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-03-03
Last Updated: 2016-03-03
Potential Security Impact: Remote Disclosure of Information
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY
A security vulnerability in Apache Flex BlazeDS was addressed by HP
Operations Manager i (OMi) and Business Service Manager (BSM).
Note : OMi v10.10 is NOT affected by this vulnerability.
References:
CVE-2015-3269
SSRT102232
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Operations Manager i v10.0, v10.01
Business Service Manager v9.x to v9.26
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                    Base Score
CVE-2015-3269    (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett Packard Enterprise Company thanks Nicholas Miles from Tenable
Network Security for reporting this issue to security-alert@hpe.com
RESOLUTION
HPE has made the following mitigation information available to resolve the
vulnerability for the impacted versions of Operations Manager i and Business
Service Manager:
For OMi 10.0 update to OMi 10.0 IP3 or above.
The OMi 10.0 IP3 patches can be found here:
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00122?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00123?lang=en&cc=us&hpappid=202392_OSP_PRO_HPE
For OMi 10.01 update to OMi 10.01 IP2 or above.
The OMi 10.01 IP2 patches can be found here:
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00120
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/OMI_00121
OMi 10.10 is NOT affected by this vulnerability.
For BSM 9.x to 9.25, update to BSM 9.25 IP2 or above.
For Windows: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/BAC_00899
For Linux: https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/BAC_00896
For BSM 9.26 please contact HPE Technical Support.
HISTORY
Version:1 (rev.1) - 3 March 2016 Initial release
Version:2 (rev.2) - 3 March 2016 Added acknowledgment section
Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability with any HPE supported
product, send Email to: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
| VAR-201508-0493 | CVE-2015-4324 | Buffer overflow vulnerability in Cisco NX-OS running on multiple Cisco Nexus devices |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.81), Nexus 3000 devices 7.3(0)ZN(0.81), Nexus 4000 devices 4.1(2)E1(1c), Nexus 7000 devices 7.2(0)N1(0.1), and Nexus 9000 devices 7.3(0)ZN(0.81) allows remote attackers to cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation, aka Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732, and CSCuv48908. A third party may cause a denial of service (IGMP process restart) via a malformed IGMPv3 packet that is mishandled during memory allocation. Cisco NX-OS Software is a data center-oriented operating system from Cisco. A denial of service vulnerability exists in Cisco NX-OS Software. An attacker could exploit the vulnerability to deny service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCuv69713, CSCuv69717, CSCuv69723, CSCuv69732 and CSCuv48908. and MDS 9000 devices are a set of operating systems run on Nexus 4000 series switch devices and MDS 9000 series fiber switch devices from Cisco
| VAR-201508-0422 | CVE-2015-3778 | Vulnerability in bootp in Apple iOS and OS X that discloses information about MAC addresses seen in previous Wi-Fi sessions |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. Both Apple iOS and OS X are operating systems of Apple Inc. in the United States. Apple iOS was developed for mobile devices; OS X was developed for Mac computers. Bootp is one of the components that automatically assigns static IP based on IP/UDP protocol. A security vulnerability exists in the bootp component of Apple iOS versions prior to 8.4.1 and OS X versions prior to 10.10.5
| VAR-201508-0632 | No CVE | Rockwell Automation 1769-L18ER/A LOGIX5318ER Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Rockwell Automation 1769-L18ER/A LOGIX5318ER has a cross-site scripting vulnerability that allows remote attackers to inject malicious scripts or HTML code in order to capture sensitive information or hijack user sessions when the malicious data is viewed. Rockwell Automation 1769-L18ER/A LOGIX5318ER is a programmable logic controller (PLC) from Rockwell Automation.
A cross-site scripting vulnerability exists in Rockwell Automation 1769-L18ER/A LOGIX5318ER. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication credentials and launching other attacks.
| VAR-201508-0488 | CVE-2015-4319 | Cisco TelePresence Video Communication Server Expressway Management Web Interface vulnerable to password reset for any active user |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv12338. A remote authenticated user may reset the password of any active user.
Attackers can exploit this issue to gain unauthorized access to the affected application. This may help in further attacks.
This issue is being tracked by Cisco bug ID CSCuv12338. The vulnerability stems from the fact that the program does not perform authentication operations correctly. An attacker could exploit this vulnerability by sending a specially crafted packet to change a user's password