VARIoT IoT vulnerabilities database
| VAR-201310-0505 | CVE-2013-5522 | Catalyst 3750X Runs on the switch Cisco IOS Vulnerability gained in |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. The Cisco Catalyst 3750 Series Switch is an innovative switch that increases LAN efficiency by combining industry-leading ease of use with the highest resiliency of stackable switches. An attacker can exploit the vulnerability to gain full access to the affected device.
This issue is tracked by Cisco Bug ID CSCue92286
| VAR-201310-0664 | No CVE | Multiple Verification Bypass Vulnerabilities in Netgear WNDR3700 Router |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Netgear WNDR3700 is a wireless router product from NetGear.
A remote authentication bypass vulnerability exists in the Netgear WNDR3700 router using version 4 firmware, affecting the web-based management interface. An attacker could use this vulnerability to bypass the authentication mechanism and gain access to the affected device.
Netgear WNDR3700 routers running firmware 4 are vulnerable
| VAR-201310-0619 | CVE-2013-6244 | Vulnerability in the Live Update webdynpro application of SAP NetWeaver that allows reading arbitrary files and directories |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. SAP NetWeaver is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Given the nature of this issue, an attacker may also be able to cause a denial-of-service condition.
| VAR-201310-0798 | No CVE | Tenda wireless router remote command execution backdoor vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Tenda is a network equipment provider in Shenzhen.
Backdoors exist in the latest firmware versions of Tenda's W330R and W302R wireless routers and in the Medialink MWN-WAPR150N. The vulnerability can be exploited through a UDP packet. If the device receives a packet starting with the string "w302r_mfg", it can trigger the vulnerability to execute various commands, and even execute any command with root privileges.
| VAR-201310-0801 | No CVE | HP LaserJet Pro Printer Remote Administrator Password Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HP is the world's leading high-tech provider, offering a full line of notebooks, desktops, workstations and more. Some networked HP laser printers contain hard-coded URLs in the firmware. These URLs (for example: http://ip_address/dev/save_restore.xml, http://ip_address:8080/IoMgmt/Adapters/wifi0/WPS/Pin) can be accessed without authentication, disclosing the plaintext administrator password and other information such as WiFi settings.
| VAR-201310-0514 | CVE-2013-5531 | Authentication bypass vulnerability in Cisco Identity Services Engine |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine is prone to a remote authentication-bypass vulnerability.
An attacker can exploit this issue to bypass the authentication mechanism and obtain sensitive information. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCty20405.
Versions prior to Cisco Identity Services Engine 1.1.1 are vulnerable. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system to download a complete product support package and obtain sensitive information
| VAR-201310-0535 | CVE-2013-5549 | Denial-of-service (DoS) vulnerability in Cisco IOS XR |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of service (transmission outage) via (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCuh30380. The vendor has confirmed this vulnerability and released it as Bug ID CSCuh30380. A third party may cause a service disruption (transmission stop) via (1) IPv4 or (2) IPv6 traffic. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture. The issue can lead to a denial of service. The following processors are affected by this vulnerability: Cisco CRS 16-Slot Line Card Chassis Route Processor (RP-A), Cisco CRS 16-Slot Line Card Chassis Route Processor B (RP-B), Carrier Routing System (CRS) Performance Route Processor (PRP), and Cisco CRS Distributed Route Processor (DRP-B).
Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCuh30380. The vulnerability stems from the fact that the route-processor components (including RP-A, RP-B, PRP, and DRP-B) do not properly process fragmented packets. A remote attacker could exploit this vulnerability to cause a denial of service (transmission interruption) by sending fragmented packets to an affected system.
| VAR-201310-0519 | CVE-2013-5536 | Denial-of-service (DoS) vulnerability in Cisco Secure Access Control System |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to cause some processes to crash, resulting in a denial of service.
This issue is being tracked by Cisco Bug ID CSCui51521. The system can control network access and network device access through the RADIUS and TACACS protocols, respectively.
| VAR-201310-0520 | CVE-2013-5537 | Denial-of-service (DoS) vulnerability in the web framework of multiple Cisco security appliances |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. A third party may cause a service disruption (management GUI stop) via multiple TCP connections. Cisco is the world's leading provider of Internet solutions. A denial of service vulnerability exists in Cisco Appliances. A remote attacker could exploit this vulnerability to render the affected device unresponsive, resulting in a denial of service.
This issue is being tracked by Cisco Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. ESA is an email security appliance. Content SMA is a content security management appliance. There is a denial-of-service vulnerability in the GUI function of the web framework. The vulnerability stems from the fact that the program does not properly manage the connection process of HTTP and HTTPS. The following devices are affected: Cisco WSA, ESA, Content SMA.
| VAR-201310-0333 | CVE-2013-5703 | DrayTek Vigor 2700 ADSL router contains a command injection vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). The Vigor2700 provided by DrayTek stores the SSIDs of adjacent access points in variables.js. The Vigor2700 web management screen has a problem in its handling of variables.js, resulting in a command injection (CWE-77) vulnerability. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') http://cwe.mitre.org/data/definitions/77.html By receiving a crafted SSID, arbitrary operations may be executed on the product. The DrayTek Vigor 2700 ADSL Router is an ADSL router. It stores the discovered AP SSIDs in the sWlessSurvey variable in variables.js, which is handled by the web management interface. An attacker can construct a specially crafted SSID value containing JavaScript code; when it is added to variables.js, the script is executed by the router.
Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. The vulnerability comes from the fact that the SSID value is not added correctly to the sWlessSurvey variable in variables.js.
| VAR-201310-0499 | CVE-2013-5144 | Vulnerability in the Passcode Lock of Apple iOS running on iPhone devices that bypasses passcode requirements |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. Apple iOS for iPhone is prone to a local security-bypass vulnerability.
An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and perform unauthorized actions. Apple iOS is an operating system developed by Apple for mobile devices.
| VAR-201310-0498 | CVE-2013-5143 | RADIUS session hijacking vulnerability in the RADIUS service of Server App in Apple OS X Server |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. Apple Mac OS X Server is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to an affected application.
Versions prior to Mac OS X Server 3.0 are vulnerable. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. The vulnerability is caused by the incorrect use of the fallback X.509 certificate on the server. An attacker can exploit this vulnerability to hijack RADIUS sessions by carrying out a man-in-the-middle attack.
| VAR-201310-0497 | CVE-2013-5148 | Vulnerability in Apple Keynote that allows gaining access |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. Apple Keynote is prone to a security-bypass vulnerability.
Local attackers can leverage this issue to bypass certain security restrictions and gain unauthorized access.
Apple Keynote versions prior to 6.0 are vulnerable. The software can make slideshows and supports true 3D transformations, including cube rotation, card switching, dissolution, etc. An attacker in physical proximity could exploit this vulnerability by gaining access to an unattended workstation while the computer is asleep.
| VAR-201310-0496 | CVE-2013-5130 | Vulnerability in WebKit, used in products such as Apple Safari, that allows obtaining browsing information |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. This is a vulnerability in WebKit; other products that use WebKit may also be affected. An attacker may obtain browsing information by using LocalStorage/ files.
An attacker may exploit this issue by enticing victims into viewing a malicious webpage.
Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
| VAR-201310-0495 | CVE-2013-5136 | Apple Remote Desktop Vulnerability where important information is obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. Apple Remote Desktop is prone to an information-disclosure vulnerability.
A remote man-in-the-middle attacker can exploit this issue to disclose potentially sensitive information. Information obtained may aid in further attacks. The system supports software distribution, resource management and remote assistance, etc
| VAR-201310-0494 | CVE-2013-5135 | Format string vulnerability in Screen Sharing Server of Apple Mac OS X and Apple Remote Desktop |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. Apple Remote Desktop is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as a format specifier to a formatted-printing function.
An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. The system supports software distribution, resource management and remote assistance, etc
| VAR-201310-0493 | CVE-2013-5181 | Apple Mac OS X Vulnerability in the collection of important information in the automatic email configuration function |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Apple Mac OS X is prone to an insecure authentication weakness.
A remote attacker can exploit this issue to obtain a user's authentication credentials as they are sent to a server in plaintext format.
Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security vulnerabilities), but has been given its own record to better document it.
Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by the Mail application choosing plain text authentication instead of CRAM-MD5 authentication.
| VAR-201310-0492 | CVE-2013-5180 | Vulnerability in the srandomdev function of Libc in Apple Mac OS X that breaks cryptographic protection mechanisms |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.
An attacker can exploit this weakness to predict random number values and bypass certain security restrictions.
Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it.
Mac OS X versions prior to 10.9 are vulnerable. When the srandomdev function cannot access the kernel random number generator, the function will fall back to an alternative method that has been removed during optimization, resulting in a lack of randomness. Attackers can exploit this vulnerability to defeat cryptographic protection mechanisms.
| VAR-201310-0489 | CVE-2013-5177 | Denial-of-service (DoS) vulnerability in the kernel of Apple Mac OS X |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
A local attacker can exploit this issue to crash the system and cause a denial-of-service condition.
Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it.
Apple Mac OS X versions prior to 10.9 are vulnerable
| VAR-201310-0488 | CVE-2013-5176 | Denial-of-service (DoS) vulnerability in the kernel of Apple Mac OS X |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. Apple Mac OS X is prone to a local denial of service vulnerability.
Attackers can exploit this issue to cause a denial of service condition.
Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it.
Apple Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by an integer truncation problem when the program handles tty devices