VARIoT IoT vulnerabilities database
| VAR-201503-0176 | CVE-2015-0680 | Cisco Unified Call Manager arbitrary file read vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439. Cisco Unified Communications Manager is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuq44439.
| VAR-201503-0063 | CVE-2015-0998 | Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 sensitive information disclosure vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
The following products are affected:
InduSoft Web Studio 7.1.3.2 and prior.
InTouch Machine Edition 7.1.3.2 and prior.
This product provides HMI clients with read, write tag and event monitoring capabilities. The vulnerability is caused by the programs transmitting plaintext credentials.
| VAR-201504-0521 | CVE-2015-0932 | Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. ANTlabs InnGate is a gateway device for operating visitor-based networks (networks for hotel guests and the like). In multiple InnGate models and firmware versions, the rsync daemon included in the firmware is not configured properly, so the entire device file system can be read and written without authentication. This is classified as inappropriate default permissions (CWE-276, https://cwe.mitre.org/data/definitions/276.html). A remote attacker may therefore be able to view or tamper with any file on the file system of the device. For more information, see the Cylance, Inc. blog post: http://blog.cylance.com/spear-team-cve-2015-0932
| VAR-201503-0064 | CVE-2015-0999 | Schneider Electric InduSoft Web Studio sensitive information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France. Multiple Schneider Electric products are prone to a local information-disclosure vulnerability. This product provides HMI clients with read, write tag and event monitoring capabilities
| VAR-201503-0062 | CVE-2015-0997 | Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 vulnerability that allows attackers to gain access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack. Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France.
Attackers can exploit this issue to bypass the authentication mechanism and log in to another user's account.
The following products are affected:
InduSoft Web Studio 7.1.3.2 and prior.
InTouch Machine Edition 7.1.3.2 and prior.
This product provides HMI clients with read, write tag and event monitoring capabilities. The vulnerability stems from the fact that the HMI user interface provided by the program lists all valid user names.
| VAR-201503-0175 | CVE-2015-0679 | Cisco Wireless LAN Controller device web-authentication denial-of-service (DoS) vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980.
Attackers can exploit this issue to crash and reload the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCui57980. A security vulnerability exists in the web-authentication feature of Cisco WLC devices Release 7.3(103.8) and Release 7.4(110.0)
| VAR-201503-0061 | CVE-2015-0996 | Schneider Electric InduSoft Web Studio and InTouch Machine Edition 2014 sensitive information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. Schneider Electric InduSoft Web Studio and InTouch Machine Edition are both embedded HMI software packages from Schneider Electric, France. A local attacker could exploit this vulnerability to obtain sensitive information by discovering the password. Schneider Electric products are prone to multiple local information-disclosure vulnerabilities. This may aid in further attacks. This product provides HMI clients with read, write tag and event monitoring capabilities.
| VAR-201708-0255 | CVE-2015-0194 | IBM Sterling B2B Integrator and IBM Sterling File Gateway XML external entity vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data. Multiple IBM products are prone to an unspecified information-disclosure vulnerability.
Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks. IBM Sterling File Gateway is file transfer software that integrates different file transfer methods and enables secure interaction over the network.
| VAR-201503-0115 | CVE-2015-0635 | Cisco IOS and IOS XE Autonomic Networking Infrastructure ANRA response spoofing vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191. Cisco IOS is a popular Internet operating system. Cisco IOS and IOS XE are prone to a content spoofing vulnerability because they fail to sanitize user-supplied input.
An attacker may leverage this issue to insert and display spoofed content, which may aid in further attacks.
This issue is tracked by Cisco Bug ID CSCup62191
| VAR-201503-0116 | CVE-2015-0636 | Cisco IOS and IOS XE Autonomic Networking Infrastructure denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. Cisco IOS is a popular Internet operating system.
An attacker can exploit this issue to cause a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCup62293.
| VAR-201503-0117 | CVE-2015-0637 | Cisco IOS and IOS XE Autonomic Networking Infrastructure denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315. The vendor has confirmed this vulnerability and released it as Bug ID CSCup62315. A third party may cause a denial of service (device reload) via spoofed AN messages. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
This issue is being tracked by Cisco Bug ID CSCup62315
| VAR-201503-0118 | CVE-2015-0638 | Cisco IOS denial-of-service (DoS) vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145. Cisco IOS is a popular Internet operating system.
Attackers can exploit this issue to cause the VRF interface on the device to enter a wedged state and stop processing packets, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCsi02145. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3
| VAR-201503-0119 | CVE-2015-0639 | Cisco IOS XE Common Flow Table denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The vulnerability stems from the program's improper handling of IPv6 packets encapsulated in IPv4 UDP packets. The following versions are affected: Cisco IOS XE Release 3.6, Release 3.7 prior to 3.7.1S, Release 3.8 prior to 3.8.0S, Release 3.9 prior to 3.9.0S, Release 3.10 prior to 3.10.0S, Release 3.11 prior to 3.11.0S, Release 3.12 prior to 3.12.0S, Release 3.13 prior to 3.13.0S, Release 3.14 prior to 3.14.0S, Release 3.15 prior to 3.15.0S.
| VAR-201503-0120 | CVE-2015-0640 | Cisco IOS XE high-speed logging denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The vulnerability stems from the fact that the NAT and HSL features do not properly handle fragmented IP packets. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.10.4S, Release 3.11 prior to 3.11.3S, Release 3.12 prior to 3.12.1S, Release 3.13 prior to 3.13.0S, Release 3.14 prior to 3.14.0S, Version 3.15 before 3.15.0S
| VAR-201503-0121 | CVE-2015-0641 | Cisco IOS XE denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.9.0S, Release 3.10 prior to 3.10.0S, Release 3.11 prior to 3.11.0S, Release 3.12 prior to 3.12.0S, Release 3.13 prior to 3.13.0S, Version 3.14 before 3.14.0S, version 3.15 before 3.15.0S
| VAR-201503-0183 | CVE-2015-0642 |
Cisco IOS and IOS XE denial-of-service (DoS) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs CSCum36951 and CSCuo75572. The vulnerability stems from the improper handling of malformed IKEv2 packets. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS, 3.2.xE through 3.7.xE, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S.
| VAR-201503-0184 | CVE-2015-0643 |
Cisco IOS and IOS XE denial-of-service (DoS) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201204-0003, VAR-E-201204-0002, VAR-E-201204-0001 |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (memory consumption and device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCuo75572. Cisco IOS is a popular Internet operating system.
An attacker can exploit these issues to cause an affected device to reload, denying service to legitimate users.
These issues are being tracked by Cisco Bug IDs CSCum36951 and CSCuo75572. The vulnerability stems from the improper handling of malformed IKEv2 packets. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS, 3.2.xE through 3.7.xE, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S.
| VAR-201503-0186 | CVE-2015-0645 | Cisco IOS XE Layer 4 Redirect denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuq59131. Cisco IOS is a popular Internet operating system. Cisco IOS XE Software is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause an affected device to reload, resulting in a denial of service condition.
These issues are being tracked by Cisco Bug IDs CSCuo25741, CSCub68073, CSCua79665 and CSCuq59131. The following releases are affected: Cisco IOS XE Release 2.x, Release 3.x prior to 3.10.4S, Release 3.11 prior to 3.11.3S, Release 3.12 prior to 3.12.2S, Release 3.13 prior to 3.13.1S, Release 3.14 prior to 3.14.0S, Version 3.15 before 3.15.0S
| VAR-201503-0179 | CVE-2015-0646 | Cisco IOS and IOS XE TCP input module denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811. Cisco IOS is a popular Internet operating system. Cisco IOS and IOS XE Software are prone to a remote denial-of-service vulnerability.
Successful exploits may allow attackers to cause a memory leak and reload of an affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCum94811. The vulnerability stems from the fact that the program does not properly handle the packet sequence used for the TCP three-way handshake. The following products and versions are affected: Cisco IOS Releases 12.2, 12.4, 15.0, 15.2, 15.3, 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS, 3.11.xS, and 3.12.xS before 3.12.3S.
| VAR-201503-0180 | CVE-2015-0647 | Cisco IOS denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. Cisco IOS contains a vulnerability that can cause a denial of service (device reload). Cisco IOS is a popular Internet operating system.
Successful exploits may allow an attacker to cause a memory leak or reload of an affected device, resulting in denial-of-service conditions.
These issues are being tracked by Cisco Bug IDs CSCum98371, CSCun49658 and CSCun63514. The following releases are affected: Cisco IOS Release 12.2, Release 12.4, Release 15.0, Release 15.2, Release 15.3