VARIoT IoT vulnerabilities database

The SSH implementation on the D-Link Japan DWL-2100AP with firmware before R252JP-RC572 allows remote authenticated users to cause a denial of service (reboot) by leveraging login access. DWL-2100AP provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. D-Link Japan DWL-2100AP is a wireless AP device. D-Link DWL-2100AP is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot, denying service to legitimate users

The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. DES-3810 Series provided by D-Link Japan contains a denial-of-service (DoS) vulnerability due to an issue in SSH implementation. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can login with SSH may cause the product to stop responding. D-Link Japan DES-3810 is a managed switch device. D-Link DES-3810 Series are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot, denying service to legitimate users

Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware before 2.82, SEIL/X1 with firmware before 4.32, SEIL/X2 with firmware before 4.32, SEIL/B1 with firmware before 4.32, SEIL/Turbo with firmware before 2.16, and SEIL/neu 2FE Plus with firmware before 2.16 allows remote attackers to execute arbitrary code via a crafted L2TP message. SEIL Series routers contain a buffer overflow vulnerability. The PPP Access Concentrator (PPPAC) in SEIL Series routers provided by Internet Initiative Japan Inc. contains a buffer overflow vulnerability in processing L2TP messages.An attacker may execute an arbitrary code on the vulnerable system. The SEIL Router is a router from Japan's SEIL vendors. SEIL series routers, including SEIL/x86, SEIL/B1, SEIL/X1, SEIL/X2, Turbo, and neu 2FE Plus are prone to a buffer-overflow vulnerability because they fails to sufficiently bounds check user-supplied data Attackers can exploit this issue to execute arbitrary code in context of the affected device or cause denial-of-service conditions. SEIL/x86, etc. The following products and versions are affected: SEIL/x86 devices with firmware prior to 2.82, SEIL/X1 devices with firmware prior to 4.32, SEIL/X2 devices with firmware prior to 4.32, SEIL/B1 devices with firmware prior to 4.32 , SEIL/Turbo devices using firmware earlier than 2.16, and SEIL/neu 2FE Plus devices using firmware earlier than 2.16

The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows remote attackers to bypass RADIUS authentication by sniffing RADIUS traffic. SEIL Series routers contain a vulnerability in RADIUS authentication. SEIL/Turbo and SEIL/neu 2FE Plus routers are router devices developed by SEIL. Multiple SEIL products are prone to a security weakness. Attackers can leverage this issue to bypass certain security restrictions. This may aid in further attacks. The following products are vulnerable: SEIL/x86 1.00 through 2.81 SEIL/X1 1.00 through 4.31 SEIL/X2 1.00 through 4.31 SEIL/B1 1.00 through 4.31 SEIL/Turbo 2.05 through 2.15 SEIL/neu 2FE Plus 2.05 through 2.15. SEIL/x86, etc. SEIL/x86 due to the fact that the program generates predictable random numbers. SEIL/x86 Versions 1.00 to 2.80, SEIL/X1 Versions 1.00 to 4.30, SEIL/X2 Versions 1.00 to 4.30, SEIL/B1 Versions 1.00 to 4.30, SEIL/Turbo Versions 1.80 to 2.15, and SEIL/neu 2FE Plus versions 1.80 to 2.15

Hitachi JP1 / Cm2 / Network Node Manager is a system management software developed by Hitachi. Hitachi JP1 / Cm2 / Network Node Manager has multiple unknown security vulnerabilities that allow remote attackers to use the vulnerabilities to obtain sensitive information, conduct denial of service attacks, or potentially execute arbitrary code in the context of the application. Few technical details are currently available. We will update this BID as more information emerges

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Invensys Wonderware InTouch HMI To read any file, to an Internet server HTTP Request sent or service disruption (CPU And memory consumption ) Vulnerabilities exist. Invensys Wonderware InTouch is an HMI created by Invensys Wonderware for applications that design, build, deploy, and maintain production and infrastructure operations. Invensys Wonderware InTouch is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The attacker may also exploit this issue to cause denial-of-service conditions. Invensys Wonderware InTouch 2012 R2 and prior versions are vulnerable. Invensys Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Invensys, UK. The solution creates standardized, reusable visualization applications

Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. Apple iOS for iPhone is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The vulnerability stems from the program not properly managing the lock state. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference. CVE-ID CVE-2013-5160 : Karam Daoud of PART - Marketing & Business Development, Andrew Chung, Mariusz Rysz Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked. CVE-ID CVE-2013-5161 : videosdebarraquito Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSQ2o5AAoJEPefwLHPlZEwmj8P/04PIEJuGhf8hv/IdYIHMLol chQHK/MXigk+aH9BriQbFpqAyByqyh9x4+6hJeywWdtF7u6SzfbRgBNoPWEZw0d8 VrtVBMi2VeNRTxOJWV+rivA7xA2doxkLSIILHzDVenj8JeNO87q85KsrhRmzmeaa jUojdE9o/0OGjjF1WuDM4UDGx/TzhpUoqzFR1hSP41g87xsYp/gRTV/R3821lxG6 8sUSeJ4l8qHFQKIUPAxJaSie8JbbK8Yeturix6sMCvYZdougtd7oMV5TxJVZXbC1 ePZUvhfVwuD7y5bFx2VKYvci5oFMgOlNyFZMDrkpM8BF2UsfEmvoHQPLwzYSdXXs 5wY/nwbuKm57Wq8PH0H3hyt4ycH0YB1YqxtY8oPjREJioA6mLHNGs70HFHvf+zjW 7ukGnI7c2efMMjoM0+UCmo03/5Wh8ji0tjrDjvM3gybm8keXH/cZPF13/kihXrs/ M6QVgWWjCO/IqhUh4MGDWzfzCqg+hlNJLAR/r1TocuDb4/NWj/nI2FHIoDIsNYjR XZ9qw0sIqsTF3nqf3zKhxEtXENEpSnGR7xGJ6xjcy8BCobHn81m7XKpnQFaNBido C669zPmyF0B6W0LiRmwvCp0Z6ielE0Tu3f9jsikOT/NUEqGFPtBhqR238G1rmHzH 6vDxXI1d8H2uZqoShAaZ =Nryx -----END PGP SIGNATURE-----

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. Cisco AnyConnect Secure Mobility Client is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to run arbitrary programs with elevated privileges. This issue is being tracked by Cisco Bug ID CSCue33619

Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338. Cisco MediaSense of oraadmin The service page contains a cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. These issues are being tracked by Cisco Bug ID CSCuj23320, CSCuj23324, CSCuj23333 and CSCuj23338. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc

Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. Cisco MediaSense of oraservice The page contains a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuj23328. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc. The vulnerability is caused by the program not filtering parameters sufficiently

The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interface connection request, aka Bug ID CSCuf20148. Cisco Intrusion Prevention System is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the application to hang intermittently, which leads to denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuf20148. The system can immediately interrupt, adjust or isolate some abnormal or harmful network data transmission behaviors

Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. F5 BIG-IP APM is prone to a cross-site scripting vulnerability because it fails to properly sanitize certain unspecified input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 are vulnerable. other versions may also be affected. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. there is a possibility. Apple iOS is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and gain unauthorized access to the device's application, thereby disclosing sensitive information. Apple iOS 7 is vulnerable; other versions may also be affected. The vulnerability stems from the program not properly managing the locking state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-26-1 iOS 7.0.2 iOS 7.0.2 is now available and addresses the following: Passcode Lock Available for: iPhone 4 and later Impact: A person with physical access to the device may be able to make calls to any number Description: A NULL dereference existed in the lock screen which would cause it to restart if the emergency call button was tapped repeatedly. While the lock screen was restarting, the call dialer could not get the lock screen state and assumed the device was unlocked, and so allowed non-emergency numbers to be dialed. This issue was addressed by avoiding the NULL dereference. CVE-ID CVE-2013-5160 : Karam Daoud of PART - Marketing & Business Development, Andrew Chung, Mariusz Rysz Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to see recently used apps, see, edit, and share photos Description: The list of apps you opened could be accessed during some transitions while the device was locked, and the Camera app could be opened while the device was locked. CVE-ID CVE-2013-5161 : videosdebarraquito Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0.2". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSQ2o5AAoJEPefwLHPlZEwmj8P/04PIEJuGhf8hv/IdYIHMLol chQHK/MXigk+aH9BriQbFpqAyByqyh9x4+6hJeywWdtF7u6SzfbRgBNoPWEZw0d8 VrtVBMi2VeNRTxOJWV+rivA7xA2doxkLSIILHzDVenj8JeNO87q85KsrhRmzmeaa jUojdE9o/0OGjjF1WuDM4UDGx/TzhpUoqzFR1hSP41g87xsYp/gRTV/R3821lxG6 8sUSeJ4l8qHFQKIUPAxJaSie8JbbK8Yeturix6sMCvYZdougtd7oMV5TxJVZXbC1 ePZUvhfVwuD7y5bFx2VKYvci5oFMgOlNyFZMDrkpM8BF2UsfEmvoHQPLwzYSdXXs 5wY/nwbuKm57Wq8PH0H3hyt4ycH0YB1YqxtY8oPjREJioA6mLHNGs70HFHvf+zjW 7ukGnI7c2efMMjoM0+UCmo03/5Wh8ji0tjrDjvM3gybm8keXH/cZPF13/kihXrs/ M6QVgWWjCO/IqhUh4MGDWzfzCqg+hlNJLAR/r1TocuDb4/NWj/nI2FHIoDIsNYjR XZ9qw0sIqsTF3nqf3zKhxEtXENEpSnGR7xGJ6xjcy8BCobHn81m7XKpnQFaNBido C669zPmyF0B6W0LiRmwvCp0Z6ielE0Tu3f9jsikOT/NUEqGFPtBhqR238G1rmHzH 6vDxXI1d8H2uZqoShAaZ =Nryx -----END PGP SIGNATURE-----

Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality. Vendors have confirmed this vulnerability Bug ID CSCue77035 and CSCue77036 It is released as. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processImageSave_jsp servlet which contains an arbitrary file creation vulnerability. When the 'mode' argument of a GET request is set to 'save', a remote attacker can specify other arguments that allow for control of the data and location of the file. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user. Multiple arguments of a multipart form request are vulnerable to directory traversal attacks. These issues are tracked by Cisco Bug IDs CSCue77035 and CSCue77036. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance. These vulnerabilities are caused by the program not adequately filtering the data submitted by users. Successful exploitation could result in complete control of the system

DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCue77029. Vendors have confirmed this vulnerability Bug ID CSCue77029 It is released as.A third party may be able to read arbitrary files. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. Without prior authentication, an attacker could invoke the DownloadServlet to disclose an arbitrary file from the file system. With this information, a remote attacker could abuse this to execute arbitrary code against the target server. Successfully exploiting this issue may allow an attacker to gain access to certain arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCue77029. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to read arbitrary text files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCud80148. In this case, XML External entity (XXE) Vulnerability related to the problem. An attacker can exploit this issue to gain access to arbitrary text files on the underlying operating system with root privileges. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud80148. The manager provides multi-protocol management of the network and provides troubleshooting capabilities for switch health and performance

MCServer in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to cause a denial of service (application crash) via invalid MCTools parameters, aka Bug ID CSCtg20734. Cisco Unified Computing System is prone to a local denial-of-service vulnerability because it fails to properly validate the user-supplied input. Local attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtg20734. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749. Cisco Unified Computing System (UCS) of Cisco Management Controller of MCTools Contains a privileged vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue being tracked by Cisco Bug ID CSCtg20749. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. Vendors have confirmed this vulnerability Bug ID CSCud32600 It is released as.By a third party HTTP User name and password may be obtained through the request. Cisco Prime Central for HCS Assurance is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive information on the affected system. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud32600. The platform provides functions such as secure access authentication and real-time fault analysis

Multiple buffer overflows in the administrative web interface in Cisco Unified Computing System (UCS) allow remote authenticated users to cause a denial of service (memory corruption and session termination) via long string values for unspecified parameters, aka Bug ID CSCtg20751. Cisco Unified Computing System (UCS) Management Web The interface contains a buffer overflow vulnerability. An attacker can exploit this issue to cause administrative sessions to be terminated, which leads to denial-of-service conditions. This issue is tracked by Cisco Bug ID CSCtg20751. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology