VARIoT IoT vulnerabilities database
| VAR-201407-0443 | CVE-2014-2975 | Silver Peak VX Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. Silver Peak VX is a virtual WAN optimization solution.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
| VAR-201407-0391 | CVE-2014-3329 | Cisco Prime Data Center Network Manager of Web Server component cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web-server component in Cisco Prime Data Center Network Manager (DCNM) 6.3(2) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum86620.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCum86620. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance
| VAR-201407-0009 | CVE-2013-4840 | HP and H3C of VPN Firewall Module Product SECPATH1000FE and SECBLADEFW Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.
Attackers can exploit this issue to cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03993467
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03993467
Version: 1
HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible. The vulnerability could be remotely exploited
resulting in a Denial of Service (DoS).
References: CVE-2013-4840 (SSRT101341)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iEYEARECAAYFAlPSvrQACgkQ4B86/C0qfVkZDACeKwOBFv2gsebln3WHlNhYV4QK
pKYAoJrFJIwsRxrPIN4DQCn4D3cTsYyW
=zq6e
-----END PGP SIGNATURE-----
| VAR-201407-0700 | No CVE | Parallels Tools Local Privilege Escalation Vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Parallels Tools is a set of virtual machine tools of Parallels Corporation in the United States.
A local elevation of privilege vulnerability exists in Parallels Tools. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application with local access. Vulnerabilities exist in Parallels Tools version 9.0, other versions may also be affected
| VAR-201407-0442 | CVE-2014-2974 | Silver Peak VX Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. Silver Peak VX is a virtual WAN optimization solution
| VAR-201407-0685 | No CVE | Sagem Fast 3304-V1 Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sagem F@st 3304-v1 is an ADSL device. Sagem Fast 3304-V1 is a router product of French company Sagem.
A denial of service vulnerability exists in Sagem Fast 3304-V1. An attacker could use this vulnerability to cause the affected device to restart or reset and deny legitimate users
| VAR-201408-0152 | CVE-2014-3302 | Cisco WebEx Meetings Server 'user.php' Information Disclosure Vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708. Vendors have confirmed this vulnerability Bug ID CSCuj81708 It is released as.Skillfully crafted by a third party URL You may get important information through. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability.
This issue is being tracked by Cisco bug ID CSCuj81708. There is a security vulnerability in the user.php script of CWMS 1.5 (.1.131) and earlier versions
| VAR-201407-0367 | CVE-2014-3303 | Cisco WebEx Meetings Server of Web Vulnerabilities that capture important information in the framework |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81713. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Cisco WebEx Meetings Server is prone to an information-disclosure vulnerability.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCuj81713
| VAR-201407-0368 | CVE-2014-3304 | Cisco WebEx Meetings Server of OutlookAction User account enumeration vulnerability in class |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution.
An attacker can leverage this issue to obtain sensitive information like valid user accounts, that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCuj81722. There is a security hole in the OutlookAction Class of CWMS, which is caused by the program not filtering the return message correctly
| VAR-201407-0366 | CVE-2014-3301 | Cisco WebEx Meetings Server of ProfileAction Vulnerabilities in which important information is obtained in the controller |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700. Cisco WebEx Meetings Server (CWMS) of ProfileAction A vulnerability exists in the controller that can retrieve important information. Vendors have confirmed this vulnerability Bug ID CSCuj81700 It is released as.If a third party reads the stack trace of the reply message, important information may be obtained. Cisco WebEx Meetings Server is a Cisco Conference Center implementation from Cisco.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug ID CSCuj81700
| VAR-201407-0369 | CVE-2014-3305 | Cisco WebEx Meetings Server of Web Cross-site request forgery vulnerability in framework |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735. Vendors have confirmed this vulnerability Bug ID CSCuj81735 It is released as.Authentication may be hijacked by a third party. Cisco WebEx Meetings is a networked online conferencing product in Cisco's WebEx conferencing solution. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuj81735
| VAR-201407-0390 | CVE-2014-3328 | Cisco Unified Presence Server of Intercluster Sync Agent Service Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. Vendors have confirmed this vulnerability Bug ID CSCun34125 It is released as. Supplementary information : CWE Vulnerability type by CWE-400: Uncontrolled Resource Consumption ( Resource depletion ) Has been identified. http://cwe.mitre.org/data/definitions/400.htmlBy a third party TCP SYN Service disruption via flood (DoS) There is a possibility of being put into a state. This component is responsible for collecting the user's availability status and communication capability information
| VAR-201407-0602 | CVE-2014-4682 | Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company's set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server
| VAR-201407-0387 | CVE-2014-3324 | Cisco TelePresence Server Software management Web Cross-site scripting vulnerability in the login page of the interface |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCup90060. Cisco TelePresence Server Software is a set of video conferencing solutions called "TelePresence" system of Cisco (Cisco). The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect
| VAR-201407-0389 | CVE-2014-3326 | Cisco Security Manager of Web In the framework SQL Injection vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug ID CSCup26957
| VAR-201407-0606 | CVE-2014-4686 | Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerabilities in which important information is obtained in project management applications |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions
| VAR-201407-0719 | No CVE | NETGEAR DGN2200 Password Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NETGEAR DGN2200 is a wireless router product from NETGEAR.
An information disclosure vulnerability exists in NETGEAR DGN2200. An attacker could use this vulnerability to gain access to sensitive information. Vulnerabilities in Netgear DGN2200 1.0.0.29_1.7.29_HotS version, other versions may also be affected
| VAR-201407-0603 | CVE-2014-4683 | Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of WebNavigator Vulnerability that can be obtained privilege in the server |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens SIMATIC WinCC And PCS7 that can be exploited by remote attackers to gain elevated privileges on affected devices. Siemens SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. There is a security hole in the WebNavigator server used by Siemens SIMATIC WinCC versions prior to 7.3 for PCS7 and other products
| VAR-201407-0604 | CVE-2014-4684 | Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of Vulnerability that can be obtained privilege in the database server |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens' product database servers, which can be exploited by remote attackers to escalate privileges and perform unauthorized actions. SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the database server of versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products
| VAR-201407-0605 | CVE-2014-4685 | Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerability gained in |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A number of Siemens products have local privilege escalation vulnerabilities that allow an attacker to exploit vulnerabilities to escalate permissions on affected computers. Siemens SIMATIC WinCC and PCS 7 are prone to a local privilege-escalation vulnerability.
Attackers can exploit this issue to gain elevated privileges on affected computers. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products