VARIoT IoT vulnerabilities database


VAR-201306-0173 CVE-2013-3397 Cross-site request forgery vulnerability in the Unified Serviceability component of Cisco Unified Communications Manager
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco Bug ID CSCuh10298. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker can exploit this vulnerability by enticing an authorized CUCM user to click a malicious link, which performs Unified Serviceability operations with the authorized CUCM user's privileges.
VAR-201306-0174 CVE-2013-3398 Cisco Prime for HCS Assurance web framework directory and file enumeration vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. The vendor has published this vulnerability as Bug ID CSCuh64574. A third party may enumerate directories and files through crafted requests. Cisco Prime Central for Hosted Collaboration Solution is prone to a remote information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCuh64574. Cisco Prime Central for Hosted Collaboration Solution 9.1.1 and prior are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis. The vulnerability stems from the handling of requests for arbitrary pathnames: the program returns a different response depending on whether the requested pathname exists.
VAR-201306-0165 CVE-2013-3382 Denial-of-service (DoS) vulnerability in the Next-Generation Firewall module for Cisco Adaptive Security Appliances devices
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic, aka Bug ID CSCue88387. The vendor has published this vulnerability as Bug ID CSCue88387. A third party may cause a denial of service (device reload or traffic-processing outage) via fragmented (1) IPv4 or (2) IPv6 traffic. Cisco ASA NGFW is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. The following Cisco products are vulnerable: Cisco ASA NGFW versions prior to 9.1.1.9; Cisco NGFW versions prior to 9.1.2.12. This issue is being tracked by Cisco Bug ID CSCue88387. Cisco ASA is a line of firewall appliances from Cisco. The device also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, antispam, and more.
VAR-201306-0356 CVE-2013-4732 Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The administrative web server on the Digital Alert Systems DASDEC EAS device through 2.0-2 and the Monroe Electronics R189 One-Net EAS device through 2.0-2 uses predictable session ID values, which makes it easier for remote attackers to hijack sessions by sniffing the network. NOTE: VU#662676 states "Monroe Electronics could not reproduce this finding." An attacker with SSH access to a device could use the key to log in with root privileges. ** Unsettled ** This case has not been confirmed as a vulnerability. A remote attacker could sniff the network and hijack a session.
VAR-201306-0357 CVE-2013-4733 Digital Alert Systems DASDEC and Monroe Electronics R189 One-Net firmware exposes private root SSH key
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files. An attacker with SSH access to a device could use the key to log in with root privileges. Multiple Vendors EAS Devices are prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.
VAR-201306-0172 CVE-2013-3396 Cisco Content Security Management running on Security Management Appliance devices vulnerable to cross-site scripting

Related entries in the VARIoT exploits database: VAR-E-201307-0312
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug IDs CSCuh24749 and CSCuh84596. This appliance is mainly used to manage all policies, reports, audit information, etc.

===============================
- Advisory -
===============================

Title: Cisco IronPort Security Management Appliance - Multiple issues
Risk: Medium
Date: 20.May.2013
Author: Pedro Andujar
Twitter: @pandujar

.: [ INTRO ] :.

Is a central platform for managing all policy, reporting, and auditing information for Cisco web and email security appliances.

.: [ TECHNICAL DESCRIPTION ] :.

Name: Reflected Cross Site Scripting
Severity: Low
CVE: CVE-2013-3396

There is a lack of output escaping in the default error 500 page. When an exception occurs in the application, the error description contains user unvalidated input from the request:

** PoC removed as requested by Cisco. **

.: [ ISSUE #2 }:.

Name: Stored Cross Site Scripting
Severity: Medium

Due to a lack of input validation on job_name, job_type, appliances_options and config_master parameters which are then printed unescaped on job_name, old_job_name, job_type, appliance_lists and config_master fields.

** PoC removed as requested by Cisco. **

.: [ ISSUE #3 }:.

Name: CSRF Token is not used
Severity: Low
CVE: CVE-2013-3395

CSRFKey is not used in some areas of the application, which makes it even easier to exploit Reflected XSS issues. In the /report area of the application, we got no error even when completely removing the parameter CSRFKey;

** PoC removed as requested by Cisco. **

See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844

.: [ ISSUE #4 }:.

Name: Lack of password obfuscation
Severity: Low

When exporting the configuration file even if you mark the "mask password" option, the SNMPv3 password still appears in cleartext.

.: [ CHANGELOG ] :.

* 20/May/2013: - Vulnerability found.
* 27/May/2013: - Vendor contacted.
* 11/Jul/2013: - Public Disclosure

.: [ SOLUTIONS ] :.

Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process.

Stored XSS: CSCuh24755
Reflected XSS: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396
SNMP password issue: CSCuh27268, CSCuh70314
CSRF: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395

.: [ REFERENCES ] :
VAR-201308-0053 CVE-2013-0150 Directory traversal vulnerability in products such as F5 BIG-IP APM and FirePass
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in an unspecified signed Java applet in the client-side components in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, FirePass 6.0.0 through 6.1.0 and 7.0.0, and other products "when APM is provisioned," allows remote attackers to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. F5 BIG-IP APM and FirePass are prone to a directory-traversal vulnerability because they fail to properly sanitize user-supplied input. A remote attacker can use directory-traversal strings to overwrite arbitrary files in the context of the affected applications. The following versions are vulnerable: F5 BIG-IP APM 10.1.0 through 10.2.4; F5 BIG-IP APM 11.0.0 through 11.3.0; F5 FirePass 6.0.0 through 6.1.0 and 7.0.0. F5 BIG-IP Access Policy Manager (APM) and FirePass SSL VPN (FirePass) are both products of the US company F5. BIG-IP APM is a set of solutions that provide secure unified access to business-critical applications and networks. FirePass is a product that provides secure remote access to internal enterprise applications and data.
VAR-201306-0171 CVE-2013-3393 Denial-of-service (DoS) vulnerability in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Precision Video Engine component in Cisco Jabber for Windows and Cisco Virtualization Experience Media Engine allows remote attackers to cause a denial of service (process crash and call disconnection) via crafted RTP packets, aka Bug IDs CSCuh60706 and CSCue21117. Cisco Jabber is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash various processes or disconnect any active calls on the device, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCuh60706 and CSCue21117.
VAR-201307-0434 CVE-2013-4937 ASUS RT-N66U Directory Traversal Vulnerability
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors. ASUS RT-N66U is a wireless router product from ASUS Taiwan. A directory traversal vulnerability exists in ASUS RT-N66U versions 3.0.0.4.270 and 3.0.0.4.354. Remote attackers can use the vulnerabilities to obtain sensitive information, which can help launch further attacks. Other attacks may also be possible. The following versions are affected: ASUS RT-AC66U with firmware 3.0.0.4.354 and earlier, RT-N66U 3.0.0.4.370 and earlier, RT-N65U 3.0.0.4.346 and earlier, RT-N14U 3.0.0.4.356 and earlier, RT-N16 3.0.0.4.354 and earlier, RT-N56U 3.0.0.4.360 and earlier and 3.0.0.4.364 and earlier, DSL-N55U
VAR-201306-0465 No CVE Multiple authentication bypass vulnerabilities exist in TRENDnet TE100-P1U
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The TRENDnet TE100-P1U is a print server that converts any standalone USB network printer into a shared network printer. There are multiple authentication bypass vulnerabilities in the TRENDnet TE100-P1U firmware. An attacker could exploit these vulnerabilities to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks. TRENDnet TE100-P1U firmware version 4.11 is affected; other versions may also be vulnerable.
VAR-201306-0462 No CVE Cisco Linksys X3000 Router Security Bypass Vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
An attacker could exploit a vulnerability to bypass certain security restrictions and perform unauthorized operations in the context of a user session. The Cisco Linksys X3000 is a wireless router product. Multiple command execution vulnerabilities exist in Cisco Linksys X3000 1.0.03 build 001 and other versions. An attacker can exploit the vulnerability to execute arbitrary commands. Multiple command-execution vulnerabilities 2. A security-bypass vulnerability 3
VAR-201306-0170 CVE-2013-3392 Cisco WebEx Social Vulnerable to cross-site request forgery
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco WebEx Social allow remote attackers to hijack the authentication of arbitrary users via unspecified vectors, aka Bug IDs CSCuh10405 and CSCuh10355. Cisco WebEx Social contains a cross-site request forgery vulnerability. The vendor has published this vulnerability as Bug IDs CSCuh10405 and CSCuh10355. A third party may be able to hijack arbitrary user authentication. Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. These issues are being tracked by Cisco Bug IDs CSCuh10405 and CSCuh10355. Cisco WebEx Social is an enterprise collaboration system platform from Cisco. The system platform provides functions such as voice, video, applications (Web conferencing applications, messaging applications, mobile applications) and enterprise social software. A remote attacker could exploit these vulnerabilities to hijack authentication of any user.
VAR-201306-0209 CVE-2012-6570 Heap-based buffer overflow vulnerability in Huawei AR router and switch products
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows remote HTTP servers to conduct heap-based buffer overflow attacks and execute arbitrary code via a crafted response. Huawei AR routers and Huawei S series switches are Huawei network devices. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks.
VAR-201306-0466 No CVE Buffalo WZR-HP-G300NH2 Cross-Site Request Forgery Vulnerability
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
The Buffalo WZR-HP-G300NH2 is a wireless routing device. Buffalo WZR-HP-G300NH2 has a cross-site request forgery vulnerability that allows an attacker to construct a malicious URI, entice a logged-in user to open it, and perform malicious actions in the target user's context, for example changing the administrator account information.
VAR-201306-0371 No CVE Siemens OpenScape Product Sensitive Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens OpenScape is a unified communications software platform from Siemens. Siemens OpenScape fails to properly restrict user access, allowing unauthenticated remote attackers to obtain server statistics, including CPU, memory, and disk usage.
VAR-201306-0372 No CVE Siemens OpenScape Product File Leakage Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Siemens OpenScape is a unified communications software platform from Siemens. Siemens OpenScape '/core/getLog.php' does not correctly filter user-submitted input, allowing remote attackers to submit malicious file requests and obtain system file content.
VAR-201306-0463 No CVE Linksys N300 Router 'submit_button' Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The Linksys N300 Router is a router device. A cross-site scripting vulnerability exists in the Linksys N300 Router. The input passed to apply.cgi via the "submit_button" GET parameter is not filtered before being returned to the user, allowing remote attackers to build a malicious URI, entice a user to open it, and obtain sensitive information or hijack the user's session.
VAR-201306-0373 No CVE Siemens OpenScape Product Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Siemens OpenScape is a unified communications software platform from Siemens. There are several reflected cross-site scripting vulnerabilities in Siemens OpenScape. They allow an attacker to build a malicious URI, entice a user to open it, and obtain sensitive information or hijack the user's session.
VAR-201306-0370 No CVE Siemens OpenScape OS Command Injection Vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Siemens OpenScape is a unified communications software platform from Siemens. Siemens OpenScape '/core/getLog.php' fails to properly filter user-submitted input, allowing remote attackers to submit malicious POST requests that execute OS commands in the application context.
VAR-201306-0346 CVE-2013-4622 Vulnerability allowing access to be obtained in the 3G Mobile Hotspot functionality running on HTC Droid Incredible
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The 3G Mobile Hotspot feature on the HTC Droid Incredible has a default WPA2 PSK passphrase of 1234567890, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. HTC Droid Incredible is a smartphone that uses the Android operating system.