VARIoT IoT vulnerabilities database

VAR-201303-0046 CVE-2012-5215 HP LaserJet Professional printer telnet debug shell vulnerability CVSS V2: 8.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213 allows remote attackers to modify data or cause a denial of service via unknown vectors. Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03684249
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03684249
Version: 1
HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-03-06
Last Updated: 2013-03-06
Potential Security Impact: Unauthorized access to data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP LaserJet Pro printers.
References: CVE-2012-5215 (VU#782451, SSRT101078)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
RESOLUTION
HP has provided updated printer firmware to resolve this issue. Browse to www.hp.com/go/support and then:
Select "Drivers & Software"
Enter the HP product name listed in the table above into the search field
Click on "Search"
If the search returns a list of products click on the appropriate product
Under "Select operating system", select your operating system, click Next
Under "Select a Download", select "Firmware"
Click Download to obtain the Firmware
HISTORY
Version: 1 (rev.1) - 6 March 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM; 3P = 3rd Party Software; GN = HP General Software; HF = HP Hardware and Firmware; MP = MPE/iX; MU = Multi-Platform Software; NS = NonStop Servers; OV = OpenVMS; PI = Printing and Imaging; PV = ProCurve; ST = Storage Software; TU = Tru64 UNIX; UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201303-0398 CVE-2013-1153 Cisco Prime Infrastructure of Web Interface cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. A third party may be able to hijack arbitrary user authentication. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCue84676
VAR-201303-0399 CVE-2013-1154 Cisco Small Business Switches Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, Small Business 300 Series Managed Switch 1.2.7.76 and earlier, and Small Business 500 Series Stackable Managed Switch 1.2.7.76 and earlier allow remote attackers to cause a denial of service (SSL/TLS layer outage) via malformed (1) SSH or (2) SSL packets, aka Bug ID CSCua30246. The SSH implementation in multiple Cisco products contains a denial-of-service (DoS) vulnerability. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote attacker may be able to cause a denial-of-service (DoS). Cisco Small Business Switches are small commercial switch devices from Cisco. Cisco Small Business Switches have an unspecified error in handling SSH or SSL messages that allows an attacker to send a specially crafted message to crash the service, causing a denial of service. Successful exploits may allow an attacker to cause denial-of-service conditions. This issue is tracked by Cisco Bug ID CSCua30246
VAR-201303-0448 No CVE Samsung TV 'SOAPACTION' Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Samsung Electronics is a South Korean company founded in 1969. Samsung TV devices contain an overflow vulnerability triggered by SOAPACTION, which can be exploited by remote attackers to cause device crashes. Samsung TV is prone to a denial-of-service vulnerability
VAR-201303-0565 No CVE Samsung Galaxy S3 Full Lock Screen Security Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The Samsung Galaxy S3 is a smartphone device from Samsung. The Samsung Galaxy S3 has a security vulnerability that allows an attacker to access all functions of the phone through multiple emergency call functions and a combination of HOME and POWER keys, bypassing the lock frequency limit. The Samsung Galaxy S3 is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and gain access to the device home screen
VAR-201303-0305 CVE-2013-2263 Citrix Access Gateway Standard Edition Vulnerability in CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. Citrix Access Gateway is a universal SSL VPN device
VAR-201303-0388 CVE-2013-1140 Cisco Security Monitoring, Analysis and Response System Vulnerable to reading arbitrary files CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCue55093. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCue55093
VAR-201311-0061 CVE-2013-2271 D-Link DSL-2740B Vulnerabilities that can bypass authentication in gateway firmware

Related entries in the VARIoT exploits database: VAR-E-201303-0485
CVSS V2: 7.6
CVSS V3: -
Severity: HIGH
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. The D-Link DSL-2740B is an ADSL router device. D-Link DSL-2740B routers are prone to a remote authentication-bypass vulnerability. D-Link DSL-2740B running firmware version EU_1.0 is vulnerable; other versions may also be affected
VAR-201303-0326 CVE-2013-2560 Foscam Directory traversal vulnerability in device firmware CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in the web interface on Foscam devices with firmware before 11.37.2.49 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI, as demonstrated by discovering (1) web credentials or (2) Wi-Fi credentials. Foscam is a webcam video recording device. Foscam has a path traversal vulnerability where an unauthenticated attacker can access the entire file system and steal network and WiFi credentials. Foscam is prone to a directory-traversal vulnerability. This may aid in further attacks. Foscam is a leading professional high-tech company providing IP video products and solutions
VAR-201303-0052 CVE-2012-6026 Cisco Aironet Access point HTTP Profiler Service disruption in (DoS) Vulnerabilities CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460. Cisco Aironet Access Points are Cisco's wireless access point and bridge devices. The vulnerability allows an attacker to reload an affected device, causing a denial of service. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuc62460
VAR-201302-0415 No CVE SAP SMD agent Arbitrary Program Installation Execution Vulnerability CVSS V2: -
CVSS V3: -
Severity: HIGH
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP SMD agent provides an interface for listening to and processing the P4 protocol. It is a proprietary SAP protocol that allows you to obtain some version and configuration information for configuring installed programs and installing/removing applications
VAR-201302-0421 No CVE SAP Portal PDC Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Enterprise Portal Federation configuration page does not properly handle validation, allowing for the disclosure of entire Portal schema information
VAR-201302-0414 No CVE SAP J2EE Core Service Arbitrary File Access Vulnerability CVSS V2: -
CVSS V3: -
Severity: HIGH
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP J2EE core services provide various features through different protocols. A service lacks proper authentication and authorization, allowing remote unauthenticated attackers to read and write arbitrary files in the SIDADM user context
VAR-201302-0520 No CVE D-Link DIR-645 Router Remote Verification Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The D-Link DIR-645 is a router device. The D-Link DIR-645 application does not properly restrict access to certain scripts, allowing an attacker to submit a malicious request and obtain sensitive information. D-Link DIR-645 routers are prone to a remote authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. D-Link DIR-645 routers running firmware prior to version 1.03 are vulnerable
VAR-201302-0397 CVE-2013-1141 Cisco Wireless LAN Controller Service disruption in (DoS) Vulnerabilities CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.4.1.54 and earlier does not properly manage buffers, which allows remote authenticated users to cause a denial of service (device reload) via crafted mDNS packets, aka Bug ID CSCue04153. The Cisco WLC is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. The vulnerability can be triggered by an authenticated, physically close attacker, causing a denial of service. Successfully exploiting this issue allows remote attackers to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCue04153
VAR-201302-0586 No CVE Samsung Galaxy S III Emergency Call Contact HOME Key Password Lock Bypass Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The Samsung Galaxy S III is a popular smartphone device. The handling of the HOME key in an emergency call contact has a security hole that allows an attacker to enable voice commands through key combinations, bypass password lock restrictions, and make calls and perform other operations.
VAR-201302-0386 CVE-2013-1124 Mac OS X Run on Cisco NAC In the agent ISE Vulnerability impersonating a server CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309. A man-in-the-middle attacker may be able to impersonate an ISE server using an arbitrary certificate. Cisco Network Admission Control is prone to a security-bypass vulnerability
VAR-201302-0391 CVE-2013-1133 Cisco Unified Communications Manager Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. Successful exploits could allow a remote attacker to trigger a memory leak or cause denial of service condition resulting in the interruption of voice services. This issue is documented by the Cisco bug ID CSCtx43337. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201302-0392 CVE-2013-1134 Cisco Unified Communications Manager Vulnerable to a cache poisoning attack CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. A third party may be able to perform a cache-poisoning attack on transaction records and disrupt service operation (bandwidth pool consumption and call termination). Cisco Unified Communications Manager is prone to a denial-of-service vulnerability. Successful exploits will allow attackers to consume all bandwidth and deny calls resulting in denial-of-service conditions. This issue is documented by the Cisco bug ID CSCub28920. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution
VAR-201302-0393 CVE-2013-1135 Cisco Prime Central for HCS Assurance Service disruption in (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources, potentially denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuc07155. Cisco Prime Central for HCS Assurance 8.6 and 9.0 are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis