VARIoT IoT vulnerabilities database


VAR-201310-0541 CVE-2013-5515 Cisco Adaptive Security Appliance Software Clientless SSL VPN Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709. The vendor has confirmed this vulnerability and released it as Bug ID CSCua22709. A third party could cause a service disruption (device reload) via a crafted HTTPS request. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCua22709. The following versions are affected: Cisco Adaptive Security Appliance Software 8.x prior to 8.2(5.44), 8.3.x prior to 8.3(2.39), 8.4.x prior to 8.4(5.7), 8.6.x prior to 8.6(1.12), 9.0.x prior to 9.0(2.6), and 9.1.x prior to 9.1(1.7)
VAR-201312-0065 CVE-2013-2818 Alstom e-terracontrol of DNP Master Driver Service disruption in (DoS) Vulnerabilities CVSS V2: 4.7
CVSS V3: -
Severity: MEDIUM
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over a serial line. Alstom e-Terracontrol is software for monitoring and controlling power systems on a SCADA system. e-Terracontrol is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to trigger the application to enter into an infinite loop, causing it to crash. This can result in denial-of-service conditions. e-Terracontrol 3.5, 3.6, and 3.7 are vulnerable
VAR-201310-0202 CVE-2013-3415 Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737. Cisco Adaptive Security Appliance (ASA) is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to exhaust the available memory and cause the affected system to become unresponsive resulting in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCtt36737. A denial of service vulnerability exists in Cisco ASA software 8.4.x versions prior to 8.4(3) and 8.6.x versions prior to 8.6(1.3). memory block
VAR-201310-0509 CVE-2013-5526 Cisco 9900 Fourth-Generation IP Phone Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698. The Cisco Unified IP Phones 9900 is an IP telephony device developed by Cisco. A denial of service vulnerability exists in the Cisco Unified IP Phones 9900 Series. This issue is tracked by Cisco Bug ID CSCuf06698. This product provides voice and video functions. The vulnerability is caused by the program not properly handling SDP packets
VAR-201310-0398 CVE-2013-6015 Juniper Networks SRX Runs on the series service gateway Junos Service disruption in (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is configured, allows remote attackers to cause a denial of service (flow daemon crash) via an unspecified sequence of TCP packets. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions. Note: To exploit this issue, attackers require a plugin (e.g. ALGs, UTM) configured to use a TCP proxy. The operating system provides a secure programming interface and Junos SDK. A denial of service vulnerability exists in Juniper Junos running on SRX Series Services Gateway devices. The following versions are affected: Junos 10.4 and earlier, 11.4, 12.1, 12.1X44, 12.1X45
VAR-201310-0386 CVE-2013-6014 Juniper Junos In ARP Vulnerability to perform poisoning attacks CVSS V2: 6.1
CVSS V3: 9.3
Severity: CRITICAL
Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before 11.4X27.44, 12.1 before 12.1R7, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.2 before 12.2R6, 12.3 before 12.3R3, 13.1 before 13.1R3, and 13.2 before 13.2R1, when Proxy ARP is enabled on an unnumbered interface, allows remote attackers to perform ARP poisoning attacks and possibly obtain sensitive information via a crafted ARP message. Juniper Networks Junos is prone to a remote denial-of-service vulnerability. Exploiting this issue may allow remote attackers to trigger denial-of-service conditions or to obtain sensitive information. The operating system provides a secure programming interface and Junos SDK. The following versions are affected: Juniper Junos 10.4, 11.4, 11.4X27, 12.1, 12.1X44, 12.1X45, 12.2, 12.3, 13.1
VAR-201310-0783 No CVE InduSoft Thin Client 'novapi7.dll' ActiveX Control Buffer Overflow Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
InduSoft Web Studio is a powerful graphics control software. InduSoft Thin Client is a thin client product of InduSoft Company in the United States. It is a computer terminal that basically does not need applications in the client/server network system. A remote buffer overflow vulnerability exists in InduSoft Thin Client. The vulnerability stems from the program's incorrect boundary check of user-supplied input, causing the size of the program's copied data to exceed the allocated memory buffer space. An attacker could use this vulnerability to execute arbitrary code in the context of an application using ActiveX controls, and may also cause a denial of service. The vulnerability exists in InduSoft Thin Client 7.1; other versions may also be affected. Failed exploit attempts will likely result in denial-of-service conditions
VAR-201310-0755 No CVE ONO Hitron CDE-30364 Router Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ONO Hitron CDE-30364 is a wireless router product. There is a denial of service vulnerability in the ONO Hitron CDE-30364 router, which is caused by the program's incorrect boundary check on the data submitted by the user. An attacker could use this vulnerability to cause a denial of service
VAR-201401-0740 No CVE Tor has multiple denial of service vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Tor is an implementation of the second generation of onion routing, through which users can communicate anonymously over the Internet. Tor has multiple denial of service vulnerabilities. An attacker could exploit these vulnerabilities to cause an affected application to crash, resulting in a denial of service
VAR-201903-0602 CVE-2013-2806 RSLinx Enterprise 'LogReceiver.exe' Integer Overflow Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599. Rockwell Automation RSLinx Enterprise software (LogReceiver.exe) contains an integer overflow vulnerability that may result in a service interruption (DoS). RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. The service crashes and needs to be restarted to restore normal service. RSLinx Enterprise is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. The following versions are vulnerable: RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6.
This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software. The following products and versions are affected: Rockwell Automation RSLinx Enterprise Version 5.10.00, Version 5.10.01, Version 5.20.00, Version 5.21.00, Version 5.30.00, Version 5.40.00, Version 5.50.00, Version 5.51.00, Version 5.60.00
VAR-201903-0603 CVE-2013-2807 RSLinx Enterprise 'LogReceiver.exe' Integer Overflow Remote Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599. Rockwell Automation RSLinx Enterprise software (LogReceiver.exe) contains an out-of-bounds vulnerability that may result in a service interruption (DoS). RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. RSLinx Enterprise is prone to a remote denial-of-service vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. The following versions are vulnerable: RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6. This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software.
A buffer error vulnerability exists in Rockwell Automation RSLinx Enterprise due to improper bounds checking of user-submitted data. The following products and versions are affected: Rockwell Automation RSLinx Enterprise Version 5.10.00, Version 5.10.01, Version 5.20.00, Version 5.21.00, Version 5.30.00, Version 5.40.00, Version 5.50.00, Version 5.51.00, Version 5.60.00
VAR-201903-0604 CVE-2013-2805 Rockwell Automation RSLinx Enterprise Software out-of-bounds vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it receives a datagram with an incorrect value in the “Record Data Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to an oversized value, an attacker could cause an out-of-bounds read access violation that leads to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to this vulnerability can be found at the following Rockwell Automation Security Advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599. Rockwell Automation RSLinx Enterprise software (LogReceiver.exe) contains an out-of-bounds vulnerability that may result in a service interruption (DoS). RSLinx Enterprise is a standard OPC server software that bridges the communication between RSView Server and PLC. A manual restart is needed to restore normal function. RSLinx Enterprise is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected application to crash, denying service to legitimate users. The following versions are vulnerable: RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6. This software can establish communication links for Allen-Bradley (AB) programmable controllers, various Rockwell software, and AB application software
VAR-201310-0531 CVE-2013-5499 Cisco IOS of DHCP Server remember Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 5.7
CVSS V3: -
Severity: MEDIUM
The remember feature in the DHCP server in Cisco IOS allows remote attackers to cause a denial of service (device reload) by acquiring a lease and then sending a DHCPRELEASE message, aka Bug ID CSCuh46822. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS is prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCuh46822
VAR-201310-0506 CVE-2013-5523 Cisco Identity Services Engine of Sponsor Portal Vulnerable to a clickjacking attack CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. The vendor has confirmed this vulnerability and released it as Bug ID CSCui82666. A third party could perform clickjacking and other unspecified attacks through a crafted web site. Cisco Identity Services Engine is prone to a cross-frame scripting vulnerability. Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. This issue is being tracked by Cisco Bug ID CSCui82666. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A cross-frame vulnerability exists in Sponsor Portal in Cisco ISE 1.2 and earlier versions. The vulnerability is caused by the program not properly restricting the use of IFRAME elements. A remote attacker could exploit this vulnerability via a specially crafted website to carry out a clickjacking attack
VAR-201310-0508 CVE-2013-5525 Cisco Identity Services Engine of Web In the framework SQL Injection vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCug90502. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote authorized attacker can exploit this vulnerability to execute arbitrary SQL commands
VAR-201310-0507 CVE-2013-5524 Cisco Identity Services Engine Troubleshooting page cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCug77655. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The vulnerability is caused by the program's insufficient filtering of input parameters. A remote attacker can exploit this vulnerability to inject arbitrary Web scripts or HTML by enticing users to open malicious links
VAR-201311-0207 CVE-2013-6114 Apple Motion of OZDocument::parseElement Integer overflow vulnerability in functions CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. Apple Motion is prone to a remote integer-overflow vulnerability because it fails to properly bounds-check user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Apple Motion 5.0.7 is vulnerable; other versions may also be affected. The tool works with Final Cut Pro (video non-linear editing software) to create compelling titles, transitions, special effects, and more. APPLE-SA-2013-12-19-1 Motion 5.1: Motion 5.1 is now available and addresses the following: Motion. Available for: OS X Mavericks v10.9 or later. Impact: A maliciously crafted .motn file could lead to arbitrary code execution. Description: An integer overflow existed in the handling of .motn files which led to an out of bounds memory access. This issue was addressed through improved bounds checking. CVE-ID: CVE-2013-6114 : Jean Pascal Pereira. Motion 5.1 may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201310-0015 CVE-2012-4098 Cisco NX-OS Border Gateway Protocol Component Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055. The Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS operating system. Successful exploitation of the vulnerability allows the downstream peer to reset the BGP link of the affected device. Cisco NX-OS is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. This issue is being tracked by Cisco bug ID CSCtn13055. The vulnerability is caused by the program not correctly filtering the AS path attribute value
VAR-201310-0004 CVE-2012-4075 Cisco NX-OS Vulnerability gained in CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788. The Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS operating system. Cisco NX-OS is prone to a local arbitrary command-execution vulnerability. This issue is being tracked by Cisco bug IDs CSCtf19827 and CSCtf27788. An arbitrary code execution vulnerability exists in Cisco NX-OS Software due to the program's improper handling of parameters containing special characters
VAR-201310-0007 CVE-2012-4084 Cisco Unified Computing System Vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in the web-management interface in the fabric interconnect (FI) component in Cisco Unified Computing System (UCS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCtg20755. The vendor has confirmed this vulnerability and released it as Bug ID CSCtg20755. A third party may be able to hijack the authentication of any user. The Cisco Unified Computing System simplifies IT management and increases flexibility by consolidating unified computing, networking, storage access, and virtualization into one system. An attacker can construct a malicious URI, entice a logged-in user to resolve it, and perform arbitrary operations in the target user context. Other attacks are also possible. This issue is being tracked by Cisco bug ID CSCtg20755. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology