VARIoT IoT vulnerabilities database
| VAR-201208-0703 | CVE-2012-1361 | Cisco IOS vulnerability that allows sensitive crosstalk information to be obtained |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. Cisco IOS is a popular Internet operating system. In Cisco IOS 15.1 and 15.2, PSTN callers can hear crosstalk messages while the phone is on standby, causing sensitive information to leak.
An attacker can exploit this issue to gain access to sensitive information. Information obtained may aid in further attacks.
This vulnerability is tracked by Cisco Bug ID CSCtx77750
| VAR-201208-0697 | CVE-2012-1342 | Cisco Carrier Routing System vulnerability that allows access control list entries to be bypassed |
CVSS V2: 5.0 CVSS V3: 5.8 Severity: MEDIUM |
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. The Cisco Carrier Routing System is a carrier-grade routing system.
An attacker can exploit this issue to bypass certain security restrictions.
This issue is being tracked by Cisco Bug ID CSCtj10975.
| VAR-201208-0137 | CVE-2012-2469 | Denial-of-service (DoS) vulnerability in Cisco NX-OS running on Cisco Nexus 7000 series switches |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. The Cisco Nexus Series switches are data center switches that run the Cisco NX-OS operating system. Cisco NX-OS is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug IDs CSCtk34535 and CSCtk19132
| VAR-201208-0138 | CVE-2012-2472 | Denial-of-service (CPU resource consumption) vulnerability in Cisco ASA 5500 series devices |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143. The Cisco Adaptive Security Appliance (ASA) 5500 Series is prone to a remote denial-of-service vulnerability.
Successful exploits may allow an attacker to cause excessive CPU consumption, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCtz63143.
| VAR-201208-0139 | CVE-2012-2474 | Denial-of-service (DoS) vulnerability in Cisco ASA 5500 series devices |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278.
Successful exploits may allow an attacker to cause excessive memory consumption, resulting in a denial-of-service condition.
This issue is being tracked by Cisco Bug ID CSCth34278.
| VAR-201208-0140 | CVE-2012-2490 | Cisco IP Communicator vulnerability that allows the Certificate Trust List to be modified |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. Cisco IP Communicator is prone to a security-bypass vulnerability.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks.
IP Communicator 8.6 is vulnerable
| VAR-201208-0124 | CVE-2012-2498 | Cisco AnyConnect Secure Mobility Client Vulnerable to server impersonation |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197
| VAR-201208-0125 | CVE-2012-2499 | Server impersonation vulnerability in the IPsec implementation of Cisco AnyConnect Secure Mobility Client |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985
| VAR-201208-0126 | CVE-2012-2500 | Cisco AnyConnect Secure Mobility Client Vulnerable to server impersonation |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470
| VAR-201208-0620 | CVE-2012-2188 | Vulnerability in IBM HMC and SDMC that allows privileges to be gained |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
A local attacker may exploit this issue to execute arbitrary code with Local System privileges. Successful exploits will result in the complete compromise of affected computers. The vulnerability is caused by not properly restricting the VIOS viosrvcmd command
| VAR-201208-0704 | CVE-2012-1364 | Denial-of-service (device reload) vulnerability in Cisco Unified Computing System |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452.
These issues are tracked by Cisco Bug IDs CSCts32452 and CSCts32463
| VAR-201208-0705 | CVE-2012-1365 | Denial-of-service (device reload) vulnerability in Cisco Unified Computing System |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463.
These issues are tracked by Cisco Bug IDs CSCts32452 and CSCts32463
| VAR-201208-0706 | CVE-2012-1367 | Denial-of-service (Route Processor crash) vulnerability in the MallocLite implementation of Cisco IOS |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. Cisco IOS is a popular Internet operating system.
Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCtq06538
| VAR-201306-0210 | CVE-2012-6571 | Session hijacking vulnerability in Huawei AR router and switch products |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack. Huawei AR routers and Huawei S series switches are Huawei network devices.
An attacker can exploit this issue to gain unauthorized access to the affected device. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks. The issue stems from predictable session ID values.
| VAR-201306-0208 | CVE-2012-6569 | Stack-based buffer overflow vulnerability in Huawei AR router and switch products |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long URI. Huawei AR routers and Huawei S series switches are network devices of Huawei products.
Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Huawei Access Router (AR) is a low-end router product developed by Huawei in China. This product provides mobile and fixed network access methods, suitable for enterprise networks
| VAR-201208-0707 | CVE-2012-1370 | Denial-of-service (DoS) vulnerability in Cisco AnyConnect Secure Mobility Client |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.
Successful exploitation of the issue will cause the application to crash, resulting in a denial-of-service condition.
This issue is being monitored by Cisco Bug ID CSCty01670.
| VAR-201208-0382 | CVE-2012-3449 | Open vSwitch Vulnerable to arbitrary file deletion |
CVSS V2: 3.6 CVSS V3: - Severity: LOW |
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
Note: This BID is being retired as a duplicate of BID 54789 (Debian 'openvswitch-pki' Package Multiple Insecure File Permissions Vulnerabilities). openvswitch-pki is prone to multiple insecure file-permission vulnerabilities. This may aid in further attacks.
openvswitch-pki 1.4.2+git20120612-7 is vulnerable; other versions may be vulnerable. Open vSwitch (OVS) is a multi-layer virtual switch product based on open source technology (following the Apache 2.0 license). It supports large-scale network automation through programmatic extension, as well as standard management interfaces and protocols. The vulnerability exists in Open vSwitch version 1.4.2 because /var/lib/openvswitch/pki/controllerca/incoming/ and /var/lib/openvswitch/pki/switchca/incoming/ use world-writable permissions.
| VAR-201208-0739 | CVE-2012-2648 | GoodReader vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. GoodReader is a document reader for Apple mobile devices. Keigo Yamazaki of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. When GoodReader is used through a web browser, an arbitrary script may be executed on the user's web browser.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
GoodReader 3.16 and prior versions for iPad are vulnerable.
GoodReader 3.15.1 and prior versions for iPhone and iPod touch are vulnerable
| VAR-201208-0205 | CVE-2012-4145 | Vulnerability in Opera |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." The impact of this vulnerability is unspecified.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Opera supports multi-window browsing and a customizable user interface. Unidentified vulnerabilities exist in Opera versions prior to 12.01 on Windows and UNIX systems, and in Opera versions prior to 11.66 and 12.x versions prior to 12.01 on Mac OS X-based systems.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: September 25, 2012
Bugs: #429478, #434584
ID: 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
may allow remote execution of arbitrary code. Please review
the CVE identifiers and Opera Release Notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page using Opera, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to trick a user into
downloading and executing files, conduct Cross-Site Scripting (XSS)
attacks, spoof the address bar, or have other unspecified impact.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
References
==========
[ 1 ] CVE-2012-4010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010
[ 2 ] CVE-2012-4142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142
[ 3 ] CVE-2012-4143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143
[ 4 ] CVE-2012-4144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144
[ 5 ] CVE-2012-4145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145
[ 6 ] CVE-2012-4146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146
[ 7 ] Opera 12.01 for UNIX changelog
http://www.opera.com/docs/changelogs/unix/1201/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0204 | CVE-2012-4144 | Opera vulnerability that allows cross-site scripting protection mechanisms to be bypassed |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. Opera Web Browser is prone to a security-bypass vulnerability.
An attacker can exploit this vulnerability to bypass the cross-site scripting sanitizer. Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials.
Opera Web Browser versions prior to 12.01 and 11.66 are vulnerable. Opera supports multi-window browsing and a customizable user interface.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Opera: Multiple vulnerabilities
Date: September 25, 2012
Bugs: #429478, #434584
ID: 201209-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Opera, the worst of which
may allow remote execution of arbitrary code.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera < 12.01.1532 >= 12.01.1532
Description
===========
Multiple vulnerabilities have been discovered in Opera. Please review
the CVE identifiers and Opera Release Notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
page using Opera, possibly resulting in execution of arbitrary code
with the privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to trick a user into
downloading and executing files, conduct Cross-Site Scripting (XSS)
attacks, spoof the address bar, or have other unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Opera users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
References
==========
[ 1 ] CVE-2012-4010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010
[ 2 ] CVE-2012-4142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142
[ 3 ] CVE-2012-4143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143
[ 4 ] CVE-2012-4144
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144
[ 5 ] CVE-2012-4145
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145
[ 6 ] CVE-2012-4146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146
[ 7 ] Opera 12.01 for UNIX changelog
http://www.opera.com/docs/changelogs/unix/1201/