VARIoT IoT vulnerabilities database
| VAR-201310-0536 | CVE-2013-5550 | Cisco Unified Computing System Service disruption in fabric interconnect components (DoS) Vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. Cisco Unified Computing System is prone to a local denial-of-service vulnerability because it fails to properly validate the user-supplied input.
A local attacker can exploit this issue to crash the device and cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCtq86549. Cisco Unified Computing System (UCS) is a unified computing system from Cisco. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not correctly filtering the parameters submitted by users.
| VAR-201310-0621 | CVE-2013-6246 | Dell Quest One Password Manager CAPTCHA protection bypass vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. DELL Quest One Password Manager is prone to a security bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of the application to perform unauthorized actions; this may aid in launching further attacks. The software allows end users to reset forgotten passwords and unlock accounts, and supports the enforcement of secure data access policies.
| VAR-201310-0437 | CVE-2013-4450 | Node.js HTTP server denial-of-service (DoS) vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. Node.js is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to cause denial-of-service conditions.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nodejs010-nodejs security update
Advisory ID: RHSA-2013:1842-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1842.html
Issue date: 2013-12-16
CVE Names: CVE-2013-4450
=====================================================================
1. Summary:
Updated nodejs010-nodejs packages that fix one security issue are now
available for Red Hat Software Collections 1.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for RHEL 6 Server - x86_64
Red Hat Software Collections for RHEL 6 Workstation - x86_64
3. Description:
Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language. (CVE-2013-4450)
Node.js is included in Red Hat Software Collections 1.0 as a Technology
Preview. More information about Red Hat Technology Previews is available
here: https://access.redhat.com/support/offerings/techpreview/
All nodejs010-nodejs users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1021170 - CVE-2013-4450 NodeJS: HTTP Pipelining DoS
6. Package List:
Red Hat Software Collections for RHEL 6 Server:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm
x86_64:
nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm
Red Hat Software Collections for RHEL 6 Workstation:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm
x86_64:
nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm
nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-4450.html
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
| VAR-201310-0652 | No CVE | ARRIS DG860A 'router.data' NVRAM Backup File Remote Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ARRIS DG860A does not properly handle backup files, allowing unauthenticated attackers to exploit the vulnerability to access backup files for password information. Arris DG860A is a modem product of the American Arris Group.
An information disclosure vulnerability exists in ARRIS DG860A. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks.
| VAR-201310-0403 | CVE-2013-6021 | Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. Watchguard Extensible Threat Management (XTM) contains a stack buffer overflow vulnerability. Watchguard Extensible Threat Management (XTM) appliance is a next-generation network security appliance that includes firewalls, application control and intrusion prevention systems. The WGagent running on the XTM application has a security vulnerability in parsing the cookie sent to the web interface. Failed exploit attempts will result in a denial-of-service condition.
| VAR-201310-0330 | CVE-2013-5428 | IBM WebSphere DataPower XC10 Service disruption on the appliance (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unauthorized-access vulnerability.
Attackers can exploit this issue to gain unauthorized administrative access and perform malicious actions on the affected system. This may result in a denial-of-service condition.
IBM WebSphere DataPower XC10 Appliance 2.5.0 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications. A remote attacker could exploit this vulnerability to cause a denial of service.
| VAR-201310-0312 | CVE-2013-5446 | IBM WebSphere DataPower XC10 Vulnerability in console running on appliance |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unspecified security vulnerability.
Limited information is currently available regarding this issue. We will update this BID as more information emerges.
IBM WebSphere DataPower XC10 Appliance 2.1.0 and 2.5.0 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. An unauthorized attacker could exploit this vulnerability to perform administrator actions.
| VAR-201310-0460 | CVE-2013-4712 | HDL-A and HDL2-A Series vulnerable in session management |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability.
The following devices running firmware versions 1.07 and prior are vulnerable:
HDL-A series including HDL-AS, HDL-AH and HDL-A/E
HDL2-A series including HDL2-AH and HDL2-A/E
| VAR-201310-0669 | No CVE | Multiple Directory Traversal Vulnerabilities in Bluetooth U 'New Folder - Index' Module |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Bluetooth U ensures the synchronization of file transfers between devices without restricting file types. The Bluetooth U v1.2.0 iOS mobile app (Apple iOS - iPad & iPhone) has multiple local directory traversal and file inclusion vulnerabilities. Bluetooth U is a set of Bluetooth connection software. The software supports file transfer, file sharing, local file management, and more.
A directory traversal vulnerability exists in the New Folder-Index module in Bluetooth U, which stems from the program's insufficient filtering of user-submitted input. A remote attacker could exploit this vulnerability by using a request with a directory traversal sequence character to retrieve arbitrary local files in the application context. Bluetooth U 1.2.0 is vulnerable; other versions may also be affected. Bluetooth U is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks.
| VAR-201310-0525 | CVE-2013-5542 | Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398.
An attacker can exploit this issue to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCui77398.
| VAR-201310-0030 | CVE-2012-4115 | Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability.
An attacker can exploit this issue to obtain sensitive information through man-in-the-middle attacks that may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCtr72964. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.
| VAR-201310-0029 | CVE-2012-4114 | Cisco Unified Computing System fabric interconnect KVM module vulnerability allowing KVM display content to be viewed |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. Cisco Unified Computing System is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to perform a man-in-the-middle attack and gain access to or modify the video stream. Successful exploits will lead to other attacks.
This issue is being tracked by Cisco Bug ID CSCtr72949. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the fact that the video data sent by KVM is not encrypted.
| VAR-201310-0031 | CVE-2012-4116 | Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability.
Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCtr72970. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.
| VAR-201310-0032 | CVE-2012-4117 | Cisco Unified Computing System fabric interconnect component vulnerability allowing SSL KVM video-channel traffic to be viewed |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic or modify this traffic via a crafted certificate, aka Bug ID CSCtr73033. Cisco Unified Computing System is prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCtr73033. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology.
| VAR-201310-0517 | CVE-2013-5534 | Cisco Unity Connection Voice Message Web Service attachment service directory traversal vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks.
This issue is being tracked by Cisco Bug ID CSCuj22948. The platform can use voice commands to make calls or listen to messages "hands-free".
| VAR-201310-0796 | No CVE | Multiple vulnerabilities in the Agilent E5810A LAN/GPIB Gateway |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Agilent E5810A LAN/GPIB Gateway is a LAN/GPIB gateway device. There are several security vulnerabilities in the Agilent E5810A LAN/GPIB Gateway: 1. There is an administrator account with a default password of 'E5810', which allows an attacker to gain access to the device's web interface. 2. The password.html script transmits passwords in clear text, allowing attackers who can conduct man-in-the-middle attacks to obtain sensitive information. 3. The config_lan.html script does not correctly filter the 'hostName' parameter data, allowing attackers to exploit the vulnerability for stored cross-site scripting attacks.
| VAR-201310-0399 | CVE-2013-6016 | Multiple F5 BIG-IP products Traffic Management Microkernel denial-of-service (DoS) vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.3.0 might change a TCP connection to the ESTABLISHED state before receiving the ACK packet, which allows remote attackers to cause a denial of service (SIGFPE or assertion failure and TMM restart) via unspecified vectors. F5 BIG-IP is prone to a remote denial-of-service vulnerability.
A successful exploit may allow an attacker to cause the Traffic Management Microkernel (TMM) to reload, denying service to legitimate users. Traffic Management Microkernel (TMM) is a service process running in the BIG-IP system of the US company F5 to perform traffic management. The vulnerability arises because the BIG-IP system may transition a TCP connection to the ESTABLISHED state before receiving the ACK packet.
| VAR-201310-0027 | CVE-2012-4112 | Cisco Unified Computing System Baseboard Management Controller vulnerability allowing privileges to be gained |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330. Cisco Unified Computing System is prone to a local command-injection vulnerability.
A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device.
This issue is being tracked by Cisco Bug ID CSCtr43330. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly filter the parameters submitted by the user.
| VAR-201310-0028 | CVE-2012-4113 | Cisco Unified Computing System Authenticated Vulnerability in Fabric Interconnect Component |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374.
Local attackers can exploit this issue to read and modify arbitrary files with elevated privileges. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCtr43374. Cisco Unified Computing System (UCS) is a unified computing system from Cisco. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability stems from the fact that the program does not properly filter the parameters submitted by the user.
| VAR-201310-0797 | No CVE | Polycom VSX 7000 Multiple Services Unverified Remote Access Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The Polycom VSX 7000 is a video conferencing product. The Polycom VSX 7000 does not properly restrict access to telnet, HTTP, and FTP services, allowing unauthenticated remote attackers to gain access to the device.