VARIoT IoT vulnerabilities database
| VAR-201503-0121 | CVE-2015-0641 | Denial-of-service (DoS) vulnerability in Cisco IOS XE |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.9.0S, Release 3.10 prior to 3.10.0S, Release 3.11 prior to 3.11.0S, Release 3.12 prior to 3.12.0S, Release 3.13 prior to 3.13.0S, Release 3.14 prior to 3.14.0S, and Release 3.15 prior to 3.15.0S.
| VAR-201503-0183 | CVE-2015-0642 |
Denial-of-service (DoS) vulnerability in Cisco IOS and IOS XE
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs CSCum36951 and CSCuo75572. The vulnerability stems from the improper handling of malformed IKEv2 packets. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS, 3.2.xE through 3.7.xE, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S.
| VAR-201503-0184 | CVE-2015-0643 |
Denial-of-service (DoS) vulnerability in Cisco IOS and IOS XE
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs CSCum36951 and CSCuo75572. The vulnerability stems from the improper handling of malformed IKEv2 packets. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS, 3.2.xE through 3.7.xE, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S.
| VAR-201503-0186 | CVE-2015-0645 | Denial-of-service (DoS) vulnerability in the Layer 4 Redirect feature of Cisco IOS XE |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.10.4S, Release 3.11 prior to 3.11.3S, Release 3.12 prior to 3.12.2S, Release 3.13 prior to 3.13.1S, Release 3.14 prior to 3.14.0S, and Release 3.15 prior to 3.15.0S.
| VAR-201503-0179 | CVE-2015-0646 | Denial-of-service (DoS) vulnerability in the TCP input module of Cisco IOS and IOS XE |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. Cisco IOS is a popular Internet operating system. Cisco IOS and IOS XE Software are prone to a remote denial-of-service vulnerability.
Successful exploits may allow attackers to cause a memory leak and reload of an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCum94811. The vulnerability stems from the fact that the program does not properly handle the packet sequence used for the TCP three-way handshake. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS, 3.11.xS, and 3.12.xS before 3.12.3S.
| VAR-201503-0180 | CVE-2015-0647 | Denial-of-service (DoS) vulnerability in Cisco IOS |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. Cisco IOS contains a vulnerability that can lead to a denial of service (device reload). Cisco IOS is a popular Internet operating system.
Successful exploits may allow an attacker to cause memory leak or reload of an affected device, resulting in denial-of-service conditions.
These issues are being tracked by Cisco Bug IDs CSCum98371, CSCun49658 and CSCun63514. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3
| VAR-201503-0181 | CVE-2015-0648 | Denial-of-service (DoS) vulnerability in Cisco IOS |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. Cisco IOS is a popular Internet operating system. Cisco IOS Software is prone to multiple denial-of-service vulnerabilities.
Successful exploits may allow an attacker to cause memory leak or reload of an affected device, resulting in denial-of-service conditions.
These issues are being tracked by Cisco Bug IDs CSCum98371, CSCun49658 and CSCun63514. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3
| VAR-201503-0182 | CVE-2015-0649 | Denial-of-service (DoS) vulnerability in Cisco IOS |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. Cisco IOS contains a vulnerability that can lead to a denial of service (device reload). Cisco IOS is a popular Internet operating system.
Successful exploits may allow an attacker to cause memory leak or reload of an affected device, resulting in denial-of-service conditions.
These issues are being tracked by Cisco Bug IDs CSCum98371, CSCun49658 and CSCun63514. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3
| VAR-201503-0185 | CVE-2015-0644 | Arbitrary code execution vulnerability in AppNav of Cisco IOS XE |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to a remote code-execution vulnerability.
This issue is being tracked by Cisco Bug ID CSCuo53622. The following versions are affected: Cisco IOS XE versions 3.8 through 3.10, 3.11 prior to 3.11.3S, 3.12 prior to 3.12.1S, 3.13 prior to 3.13.0S, 3.14 prior to 3.14.0S, and 3.15 prior to 3.15.0S.
| VAR-201503-0156 | CVE-2015-0650 | Denial-of-service (DoS) vulnerability in the Service Discovery Gateway of Cisco IOS and IOS XE |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. Cisco IOS is a popular Internet operating system. Cisco IOS and IOS XE Software are prone to a remote denial-of-service vulnerability.
Successful exploits may allow attackers to cause the device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCup70579. Service Discovery Gateway (also known as mDNS Gateway, multicast DNS) is a gateway that makes the common DNS programming interfaces (packet format and operating semantics) usable in a small network without DNS services. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 3.9.xS, 3.10.xS prior to 3.10.4S, 3.11.xS prior to 3.11.3S, 3.12.xS prior to 3.12.2S, and 3.13.xS prior to 3.13.1S.
| VAR-201801-0089 | CVE-2014-8166 | CUPS Input validation vulnerability |
CVSS V2: 5.1 CVSS V3: 8.8 Severity: HIGH |
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. CUPS contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems from Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is an arbitrary code execution vulnerability in Apple CUPS. An attacker could exploit the vulnerability to execute arbitrary code in the context of an affected application or to cause a denial of service. Failed attempts will likely cause a denial-of-service condition.
| VAR-201504-0449 | CVE-2015-3322 | Password decryption vulnerability in multiple Lenovo ThinkServer products |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. The Lenovo ThinkServer RD350, RD450, RD550, RD650 and TD350 are all rack-mounted server products from Lenovo. An attacker could exploit the vulnerability to crack a password. Multiple Lenovo products are prone to a BIOS password encryption weakness. A security vulnerability exists in several Lenovo ThinkServer product servers. The following products are affected: Lenovo ThinkServer RD350 prior to 1.26.0, RD450 prior to 1.26.0, RD550 prior to 1.26.0, RD650 prior to 1.26.0, TD350 prior to 1.26.0
| VAR-201504-0450 | CVE-2015-3323 | Denial-of-service (DoS) vulnerability in the ThinkServer System Manager Baseboard Management Controller for multiple ThinkServer products |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. Lenovo ThinkServer System Manager is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the web interface to crash, resulting in a denial-of-service condition. The Lenovo ThinkServer System Manager (TSM) Baseboard Management Controller (BMC) for the ThinkServer RD350 and other servers is a controller embedded in the hardware of these Lenovo (China) servers to manage and monitor server status. There are security vulnerabilities in the TSM BMC of several ThinkServer products using firmware versions earlier than 1.27.73476. The following products are affected: ThinkServer RD350, RD450, RD550, RD650, TD350.
| VAR-201504-0451 | CVE-2015-3324 | Server impersonation vulnerability in the ThinkServer System Manager Baseboard Management Controller for multiple ThinkServer products |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. Lenovo ThinkServer System Manager is prone to a security-bypass vulnerability.
Attackers can exploit this issue through man-in-the-middle attacks to gain access to sensitive information, which may lead to further attacks. The Lenovo ThinkServer System Manager (TSM) Baseboard Management Controller (BMC) for the ThinkServer RD350 and other servers is a controller embedded in the hardware of these Lenovo (China) servers to manage and monitor server status. There is a security vulnerability in the TSM BMC of several Lenovo ThinkServer products using firmware versions earlier than 1.27.73476. An attacker can use this vulnerability to carry out a man-in-the-middle attack and spoof the server. The following products are affected: ThinkServer RD350, RD450, RD550, RD650, TD350.
| VAR-201503-0317 | CVE-2014-7876 | Privilege acquisition vulnerability in the firmware of multiple HP Integrated Lights-Out products |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors. Multiple HP Products are prone to an unspecified code-execution vulnerability.
A remote attacker may be able to execute arbitrary code with elevated privileges. Failed exploit attempts will result in denial-of-service conditions. iLO 2 and iLO 4 are embedded server management technologies that monitor and maintain server health, remotely manage servers, and more through an integrated remote management port. iLO CM is a set of automated chassis management tools. A security vulnerability exists in HP iLO and iLO CM.
The vulnerabilities could be exploited remotely resulting in Denial of
Service (DoS), remote execution of code, and elevation of privilege.
References:
CVE-2014-7876 (SSRT101745)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please
visit the following location to obtain the firmware updates:
www.hp.com/go/ilo
HISTORY
Version:1 (rev.1) - 17 March 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
| VAR-201503-0177 | CVE-2015-0672 | Cisco IOS XR DHCPv4 Server Denial-of-Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. The vendor has confirmed this vulnerability and released it as Bug ID CSCup67822. A third party may cause a denial of service (service outage) via a large number of crafted DHCP packets. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. Cisco ASR 9000 Series Aggregation Services Routers are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the affected device to crash, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCup67822
| VAR-201503-0178 | CVE-2015-0673 | Vulnerability in Cisco Mobility Services Engine that allows obtaining the password of an arbitrary user |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.
This issue is being tracked by Cisco Bug ID CSCut24792. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco MSE 8.0(110.0).
| VAR-201503-0194 | CVE-2015-2106 | Access restriction bypass vulnerability in the firmware of multiple HP Integrated Lights-Out products |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors. HP Integrated Lights-Out is prone to an unspecified vulnerability.
An attacker can exploit this issue to gain unauthorized access or cause denial-of-service conditions. operating status, remote management and control of servers, etc. A security vulnerability exists in HP iLO.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04582368
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04582368
Version: 1
HPSBHF03276 rev.1 - HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO
4), Remote Unauthorized Access, Denial of Service (Dos)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. The vulnerability could be
exploited remotely resulting in unauthorized access or Denial of Service.
References:
CVE-2015-2106 (SSRT101886)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please
visit the following location to obtain the firmware updates:
www.hp.com/go/ilo
HISTORY
Version:1 (rev.1) - 17 March 2015 Initial release
| VAR-201503-0072 | CVE-2015-0984 | Honeywell XL Web Controller Directory Traversal Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname. Honeywell XL Web Controller is a web-based SCADA system
| VAR-201503-0335 | CVE-2014-9209 | Vulnerability in the Clean Utility application of Rockwell Automation FactoryTalk Services Platform and FactoryTalk View Studio |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path. http://cwe.mitre.org/data/definitions/426.html Local users may gain privileges via a Trojan horse DLL in an unspecified directory. The FactoryTalk Services Platform provides routine services (such as diagnostics, health monitoring services, and real-time data access) for products and applications in the FactoryTalk system. FactoryTalk View Studio is a configuration software for developing or testing machine-level or monitoring management-level Human Machine Interface (HMI) applications. Multiple native code execution vulnerabilities exist in the DLL loading of multiple Rockwell Automation products. An attacker can exploit these issues to execute arbitrary code with system privileges. Failed attempts may lead to denial-of-service conditions.
The following products are affected:
FactoryTalk Services Platform prior to 2.71.00
FactoryTalk View Studio versions 8.00.00 and prior. A local attacker can use a Trojan horse DLL file to exploit this vulnerability and gain privileges.