VARIoT IoT vulnerabilities database
| VAR-201410-1299 | CVE-2014-2646 | HP Network Automation Security Bypass Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. HP Network Automation is an automated network configuration management tool. HP Network Automation has a security bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions.
| VAR-201410-1171 | CVE-2014-5327 | Huawei E5332 vulnerable to denial-of-service (DoS) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. Huawei E5332 contains a denial-of-service (DoS) vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a URL that is extremely long, which may lead the device to terminate abnormally. Shuto Imai of Chukyo Univ. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker that can send requests to the device may cause the device to become unresponsive. Huawei E5332 Webserver is a wireless router product. Huawei E5332 Webserver has a denial of service vulnerability. An attacker can exploit the vulnerability with a long URI to cause a denial of service.
Attackers may exploit this issue to cause denial-of-service conditions.
| VAR-201410-1172 | CVE-2014-5328 | Huawei E5332 vulnerable to denial-of-service (DoS) |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API service request message. Huawei E5332 contains a denial-of-service (DoS) vulnerability. Huawei E5332 provided by Huawei Technologies is a mobile router. Huawei E5332 contains an issue when processing a GET request that contains an extremely long parameter, which leads to the device rebooting. Shuto Imai of Chukyo Univ. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An attacker that can send requests to the device may cause the device to become unresponsive. Huawei E5332 Router is a China Unicom 3G wireless router product from Huawei.
Attackers may exploit this issue to cause denial-of-service conditions. A buffer overflow vulnerability exists in the Webserver component of Huawei E5332 Router versions earlier than 21.344.27.00.1080.
| VAR-201410-0063 | CVE-2014-3403 | Impersonation vulnerability in the Autonomic Networking Infrastructure component of Cisco IOS XE |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq22647. A third party can impersonate the device through a crafted message. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS XE has a security bypass vulnerability that allows an attacker to bypass certain security restrictions and perform unauthorized operations. Cisco IOS XE Software is prone to a security-bypass vulnerability.
This issue is being tracked by Cisco Bug ID CSCuq22647. The vulnerability is caused by the program not validating certificates properly.
| VAR-201410-0065 | CVE-2014-3405 | Cisco IOS XE vulnerable to route injection attacks |
CVSS V2: 4.8 CVSS V3: - Severity: MEDIUM |
Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface, aka Bug ID CSCuq22673. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq22673. A third party may perform a route injection attack through crafted RPL advertisements on an ANI interface. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This may aid in other attacks.
This issue is being tracked by Cisco Bug ID CSCuq22673. Remote attackers can use this vulnerability to carry out route-injection attacks.
| VAR-201410-1107 | CVE-2014-3818 | Juniper Junos service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RPD routing process crash and restart) via crafted transitive attributes in a BGP UPDATE. Juniper Junos is prone to a remote denial-of-service vulnerability.
Exploiting this issue may allow remote attackers to crash and restart the RPD (Routing Protocol Daemon), causing denial-of-service conditions. Juniper Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1.
| VAR-201410-0970 | CVE-2014-6378 | Juniper Junos service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1 allows remote attackers to cause a denial of service (router protocol daemon crash) via a crafted RSVP PATH message. Juniper Junos is prone to a remote denial-of-service vulnerability.
Exploiting this issue may allow remote attackers to hang or crash the RPD (Routing Protocol Daemon), causing denial-of-service conditions. Juniper Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D30, 12.1X46 before D25, 12.1X47 before D10, 12.2 before R9, 12.2X50 before D70, 12.3 before R7, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R5, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R3, and 14.1 before R1.
| VAR-201410-0969 | CVE-2014-6377 | Juniper JunosE service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before 15.1.0, when DEBUG severity icmpTraffic logging is enabled, allows remote attackers to cause a denial of service (SRP reset) via a crafted ICMP packet to the (1) interface or (2) loopback IP address, which triggers a processor exception in ip_RxData_8. Juniper JunosE is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a denial-of-service condition. Juniper Networks JunosE is an operating system from Juniper Networks that runs on E series IP edge and broadband service routers. The following versions are affected: Juniper JunosE prior to 13.3.3p0-1, 14.x prior to 14.3.2, and 15.x prior to 15.1.0.
| VAR-201410-0931 | CVE-2014-6380 | Juniper Junos service disruption (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver block and FPC reset or "go offline") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets. Juniper Junos is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected device to crash, denying service to legitimate users. Juniper Junos is a network operating system from Juniper Networks dedicated to the company's hardware systems. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, and 13.3 before R1.
| VAR-201410-1290 | CVE-2014-2636 | HP Sprinter Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336. This vulnerability was assigned ZDI-CAN-2336. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing an improper parameter to the method AttachToSS provided by those controls, an attacker can execute code in the context of the browser. Failed exploit attempts likely result in denial-of-service conditions. The tool supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04454636
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04454636
Version: 1
HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-10-08
Last Updated: 2014-10-08
Potential Security Impact: Remote execution of code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Sprinter.
References:
CVE-2014-2635 (ZDI-CAN-2343, SSRT101584)
CVE-2014-2636 (ZDI-CAN-2336, SSRT101585)
CVE-2014-2637 (ZDI-CAN-2342, SSRT101586)
CVE-2014-2638 (ZDI-CAN-2344, SSRT101587)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Sprinter v12.01
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-2635 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-2636 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-2637 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-2638 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks Andrea Micalizzi (rgod) working with HP's
Zero Day Initiative for reporting these issues to security-alert@hp.com.
Sprinter version    HP Live Network patch location
v12.01              https://hpln.hp.com/node/21205/
HISTORY
Version:1 (rev.1) - 8 October 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
| VAR-201410-1291 | CVE-2014-2637 | HP Sprinter Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342. This vulnerability was assigned ZDI-CAN-2342. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing improper parameters to the methods CopyRange or CopyRangeEx provided by those controls, an attacker can execute code in the context of the browser.
An attacker can exploit these issues by enticing an unsuspecting user to view a malicious webpage. Failed exploit attempts likely result in denial-of-service conditions. The tool supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more.
| VAR-201410-1292 | CVE-2014-2638 | HP Sprinter Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344. This vulnerability was assigned ZDI-CAN-2344. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By assigning an overly-long value to the DefaultFontName property provided by those controls, an attacker can write attacker-supplied data into memory outside of correct bounds. The tool supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more.
| VAR-201410-1289 | CVE-2014-2635 | HP Sprinter Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343. This vulnerability was assigned ZDI-CAN-2343. A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing an improper parameter to the method SwapTables provided by those controls, an attacker can execute code in the context of the browser. The tool supports accelerated software test authoring and execution, avoids repetitive tasks, generates defect reports, and more.
| VAR-201410-1202 | CVE-2014-8312 | SAP Netweaver AS ABAP Business Warehouse vulnerability allowing sensitive information to be obtained |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Supplementary information: the CWE vulnerability type has been identified as CWE-285: Improper Authorization.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and gain unauthorized access.
Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing
Authorization Check
1. Impact on Business
=====================
By exploiting this vulnerability an authenticated attacker will be able
to abuse functionality that should be restricted and can disclose
technical information without having the right access permissions. This
information could be used to perform further attacks over the platform.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 2014-10-08
- Subscriber Notification Date: 2014-10-08
- Last Revised: 2014-08-17
- Security Advisory ID: ONAPSIS-2013-033
- Onapsis SVS ID: ONAPSIS-00114
- Researcher: Nahuel D. Sánchez
- Initial Base CVSS v2: 3.5 (AV:N/AC:M/AU:S/C:P/I:N/A:N)
3. Vulnerability Information
============================
- Vendor: SAP
- Affected Components:
  - SAP Netweaver AS ABAP 7.31
    (Check SAP Note 1967780 for detailed information on affected releases)
- Vulnerability Class: Improper Authorization (CWE-285)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Detection Module available in Onapsis X1: Yes
- BizRisk Illustration Module available in Onapsis X1: Yes
- Original Advisory:
  http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033
4. Affected Components Description
==================================
SAP NetWeaver Business Warehouse is a platform that provides business
intelligence, analytical, reporting and data warehousing capabilities.
It is often used by companies who run their business on SAP's
operational systems. BW is part of the SAP NetWeaver platform.
5. Vulnerability Details
========================
The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' does not perform any
authorization check prior to retrieving the profile parameter value.
6. Solution
===========
SAP has released SAP Note 1967780 which provides patched versions of the
affected components.
The patches can be downloaded from
https://service.sap.com/sap/support/notes/1967780.
Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.
7.
2014-06-10: SAP releases security patches.
2014-10-08: Onapsis notifies availability of security advisory.
About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth knowledge
and experience to deliver technical and business-context with sound
security judgment to the broader information security community.
About Onapsis, Inc.
===================
Onapsis gives organizations the adaptive advantage to succeed in
securing business-critical applications by combining technology,
research and analytics. Onapsis enables every security and compliance
team an adaptive approach to focus on the factors that matter most to
their business - critical applications that house vital data and run
business processes.
Onapsis provides technology solutions including Onapsis X1, the de-facto
SAP security auditing tool which delivers enterprise vulnerability,
compliance, detection and response capabilities with analytics.
The Onapsis Research Labs provide subject matter expertise that combines
in-depth knowledge and experience to deliver technical and
business-context with sound security judgment. This enables
organizations to efficiently uncover security and compliance gaps and
prioritize the resolution within applications running on SAP platforms.
Onapsis delivers tangible business results including decreased business
risk, highlighted compliance gaps, lower operational security costs and
demonstrable value on investment.
For further information about our solutions, please contact us at
info@onapsis.com and visit our website at www.onapsis.com.
| VAR-201410-1302 | CVE-2014-2649 | HP Operations Manager on UNIX arbitrary code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application.
Few technical details are currently available. We will update this BID as more information emerges.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04472866
Version: 1
HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References: CVE-2014-2648, CVE-2014-2649 (SSRT101727)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The updates can be downloaded
from HP Software Support Online (SSO).
9.11.120 server patches:
Component | Download Location
OMHPUX_00004 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188205
ITOSOL_00802 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187924
OML_00080 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187666
9.11.120 Java UI patches:
Component | Download Location
OMHPUX_00005 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187192
ITOSOL_00803 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01187435
OML_00081 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188103
9.20.300 server patches:
Component | Download Location
OMHPUX_00006 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188207
ITOSOL_00804 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188065
OML_00082 | https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01188209
HISTORY
Version:1 (rev.1) - 8 October 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
| VAR-201410-1001 | CVE-2014-3382 | Cisco ASA Software SQL*Net inspection engine denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. Cisco ASA Software is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCum46027. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program not properly handling SQL REDIRECT packets. The following releases are affected: Cisco ASA Software 7.2 prior to 7.2(5.13), 8.2 prior to 8.2(5.50), 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.15), 8.5 prior to 8.5(1.21), 8.6 prior to 8.6(1.14), 8.7 prior to 8.7(1.13), 9.0 prior to 9.0(4.5), and 9.1 prior to 9.1(5.1).
| VAR-201410-1002 | CVE-2014-3383 | Cisco ASA Software VPN component IKE implementation denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The IKE implementation in the VPN component in Cisco ASA Software 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted UDP packets, aka Bug ID CSCul36176. Cisco Adaptive Security Appliance (ASA) Software is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCul36176. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program not processing UDP packets correctly.
| VAR-201410-1003 | CVE-2014-3384 | Cisco ASA Software IKEv2 implementation denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted packet that is sent during tunnel creation, aka Bug ID CSCum96401.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCum96401. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability is caused by the program's improper handling of IKEv2 packets. The following versions are affected: Cisco ASA Software 8.4 prior to 8.4(7.15), 8.6 prior to 8.6(1.14), 9.0 prior to 9.0(4.8), and 9.1 prior to 9.1(5.1).
| VAR-201410-1004 | CVE-2014-3385 | Cisco ASA Software Health and Performance Monitoring for ASDM denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Race condition in the Health and Performance Monitoring (HPM) for ASDM feature in Cisco ASA Software 8.3 before 8.3(2.42), 8.4 before 8.4(7.11), 8.5 before 8.5(1.19), 8.6 before 8.6(1.13), 8.7 before 8.7(1.11), 9.0 before 9.0(4.8), and 9.1 before 9.1(4.5) allows remote attackers to cause a denial of service (device reload) via TCP traffic that triggers many half-open connections at the same time, aka Bug ID CSCum00556. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCum00556. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The following releases are affected: Cisco ASA Software 8.3 prior to 8.3(2.42), 8.4 prior to 8.4(7.11), 8.5 prior to 8.5(1.19), 8.6 prior to 8.6(1.13), 8.7 prior to 8.7(1.11), 9.0 prior to 9.0(4.8), and 9.1 prior to 9.1(4.5).
| VAR-201410-0073 | CVE-2014-3386 | Cisco ASA Software GPRS Tunneling Protocol inspection engine denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Software 8.2 before 8.2(5.51), 8.4 before 8.4(7.15), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via a crafted series of GTP packets, aka Bug ID CSCum56399. Cisco Adaptive Security Appliance (ASA) Software is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users.
This issue is tracked by Cisco Bug ID CSCum56399. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more. The vulnerability stems from the program's improper handling of GTP packet sequences. The following releases are affected: Cisco ASA Software 8.2 prior to 8.2(5.51), 8.4 prior to 8.4(7.15), 8.7 prior to 8.7(1.13), 9.0 prior to 9.0(4.8), and 9.1 prior to 9.1(5.1).