VARIoT IoT vulnerabilities database

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases. Juniper Networks Junos OS Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. The operating system provides a secure programming interface and Junos SDK. There is a security vulnerability in Junos OS, which can be exploited by an attacker to trigger a fatal error through IPSec spoofing packet SRX to trigger a denial of service

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2. Juniper Networks Junos OS Input confirmation vulnerabilityInformation is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Junos OS that could be exploited by an attacker to run code through the DHCPv6 relay agent

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. Qualcomm QCMAP Software suite OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands

TEWA-600NGM is a telecom optical modem. TEWA-600NGM has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks. Windows for Citrix Gateway The plugin contains a vulnerability related to permission management.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. HUAWEI Mate 20 Contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HUAWEI Mate 20 is a smart phone launched by Huawei. The vulnerability stems from insufficient input validation. An attacker can use this vulnerability to implement code execution through a specially crafted Bluetooth message after successful pairing

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG host. Any private keys logged in this way could be viewed by those with access to the DNG host operating system without any need for reversing encrypted values or similar techniques. An attacker that gained access to the DNG logs and with the ability to intercept and manipulate network traffic between a user and the DNG, could decrypt and manipulate SSL/TLS connections to the DNG and to the protected applications behind it. Duo Network Gateway (DNG) versions 1.3.3 through 1.5.7 are affected. Program SSL/TLS connections

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. Taurus-AN00B Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 (5G) Taurus-AN00B is the official firmware of Huawei Mate 30 (5G)

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Windows for Citrix Gateway The plugin contains a vulnerability related to permission management.Information may be tampered with. Citrix Systems Gateway (Citrix Systems NetScaler Gateway) is a set of secure remote access solutions from Citrix Systems. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. HUAWEI Mate 20 Is vulnerable to injection.Information may be tampered with. Huawei Mate 20 is a smartphone of China's Huawei (Huawei) company

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process. E6878-370 and E6878-870 Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Huawei E6878-370 is a portable 5G router from China's Huawei (Huawei) company. The vulnerability is caused by the system's failure to check when the user processes an event. Attackers can use the vulnerability to cause the process to restart

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. There is a security vulnerability in FasterXML Jackson Databind, which can be exploited by an attacker to transmit malicious XML data to FasterXML Jackson Databind to read files, scan sites, or trigger a denial of service. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Security Fix(es): * xmlgraphics-commons: SSRF due to improper input validation by the XMPParser (CVE-2020-11988) * xstream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341) * xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351) * xstream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343) * xstream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259) * xstream: ReDoS vulnerability (CVE-2021-21348) * xstream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258) * xstream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349) * xstream: SSRF via crafted input stream (CVE-2021-21342) * jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649) * xstream: allow a remote attacker to execute arbitrary code only by manipulating the processed input stream (CVE-2021-21350) * xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21346) * xstream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21347) * xstream: allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream (CVE-2021-21345) * xstream: arbitrary code execution via crafted input stream (CVE-2021-21344) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1887664 - CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1908837 - CVE-2020-26259 XStream: arbitrary file deletion on the local host when unmarshalling 1933816 - CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser 1942539 - CVE-2021-21341 XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream 1942545 - CVE-2021-21342 XStream: SSRF via crafted input stream 1942550 - CVE-2021-21343 XStream: arbitrary file deletion on the local host via crafted input stream 1942554 - CVE-2021-21344 XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet 1942558 - CVE-2021-21345 XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry 1942578 - CVE-2021-21346 XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue 1942629 - CVE-2021-21347 XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator 1942633 - CVE-2021-21348 XStream: ReDoS vulnerability 1942635 - CVE-2021-21349 XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host 1942637 - CVE-2021-21350 XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader 1942642 - CVE-2021-21351 XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream 5. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. The References section of this erratum contains a download link (you must log in to download the update). JIRA issues fixed (https://issues.jboss.org/): JBEAP-20029 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00011 to 2.9.0.redhat-00016 JBEAP-20089 - [GSS] (7.3.z) Upgrade undertow from 2.0.31.SP1-redhat-00001 to 2.0.32.SP1-redhat JBEAP-20119 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.18.Final-redhat-00001 to 5.0.19.Final-redhat-00001 JBEAP-20161 - [GSS](7.3.z) Upgrade XNIO from 3.7.9.Final to 3.7.11.Final JBEAP-20239 - [GSS](7.3.z) Upgrade Hibernate Validator from 6.0.20.Final to 6.0.21.Final JBEAP-20246 - [GSS](7.3.z) Upgrade JBoss Marshalling from 2.0.9.Final to 2.0.10.Final JBEAP-20285 - [GSS](7.3.z) Upgrade HAL from 3.2.10.Final-redhat-00001 to 3.2.11.Final JBEAP-20300 - (7.3.z) Upgrade jasypt from 1.9.3-redhat-00001 to 1.9.3-redhat-00002 JBEAP-20325 - (7.3.z) Upgrade WildFly Arquillian to 3.0.1.Final for the ts.bootable profile JBEAP-20364 - (7.3.z) Upgrade com.github.fge.msg-simple to 1.1.0.redhat-00007 and com.github.fge.btf to 1.2.0.redhat-00007 JBEAP-20368 - (7.3.z) Upgrade Bootable JAR Maven plugin to 2.0.1.Final 6. Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. For further information, refer to the release notes linked to in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update Advisory ID: RHSA-2020:4401-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:4401 Issue date: 2020-10-28 CVE Names: CVE-2020-25649 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch Red Hat JBoss EAP 7.3 for RHEL 7 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Security Fix(es): * jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. You must restart the JBoss server process for the update to take effect. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server: Source: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el6eap.src.rpm noarch: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el6eap.noarch.rpm Red Hat JBoss EAP 7.3 for RHEL 7 Server: Source: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el7eap.src.rpm noarch: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el7eap.noarch.rpm Red Hat JBoss EAP 7.3 for BaseOS-8: Source: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el8eap.src.rpm noarch: eap7-jackson-databind-2.10.4-1.redhat_00002.1.el8eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-25649 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX5nedtzjgjWX9erEAQihgw/+MXWo2xSlKGb26kVZ/6AJkGFqWg08PBGT 41BtWXVTzE63SSMzxytr14FBb2wAVi41omkR2YHaQluBppfua7kknVtixcXfIRAb xo1HqDFrwCV14ar+KW3kNpCvacNCk2uIKiBrrEU7S3dCkkjkMaDN0CmPPO/MPf29 Dli620ks3jDYpttFIfWvvrbmh0z94Fa0YQVTY0z0D5wANAHoyT2W8t91tctfFHk2 XC4Kb5ZS1eDdmI2LWY5/MDe/OStVlqrZVlOWQoi2yW7wXffSYVtI9vFg/r88cnz2 eG7w61SrSCFIDfdYjvDAbAwdQSGkfiaxt5MJMJW9nkAAwd/7Q1rV68NChBHXQv+z 5wRr4pLBwSpPXA2sI9jXcOx/AhbHUVMwUMv0Y9vpQTELrGpuouoza5FjAhIAj0u9 3EVf+AxJ7ZMOBHoQy5IaagaFc3I94ABzh137yXf5rIzWY20JotZtkpK8hMyZRW+A HTb/u6IKmZMtWMB2uNZLEY7g0WdfleAv41LtY5Ak3ncT8Erewsl/Y8d/NcuYIKKw aK5Nnuw/QaaUqdL3A8vAIhfistnTBusAClbtXbm3foqlwvnYvoI1QpCQGmKBDMxk 0ec3r+N8DoxKaGGlgU9OnboBR6Y8Fn20TVbM/gWcLTAh1k+7qz0+40oo3fN28e70 QflDa/Y0Kr4= =TNRp -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue. Windows Logon installer Is vulnerable to handling exceptional conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Duo Network Gateway (DNG) is an access control software developed by Duo Corporation in the United States for accessing internal web applications. The Duo Authentication Windows Logon and RDP implementation has a security vulnerability that stems from a privilege escalation vulnerability in the two-factor authentication implemented

An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). This vulnerability allows remote attackers to execute arbitrary code on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. LAquis SCADA is a set of SCADA software for monitoring and data acquisition. Versions prior to LAquis SCADA 4.3.1.870 have an out-of-bounds read vulnerability

The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has weak password requirement vulnerability. No detailed vulnerability details are currently provided. A remote attacker could exploit this vulnerability to launch further attacks on the system

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. The firmware of MOXA NPort IAW5000A-I/O Series 2.1 and earlier has a vulnerability in the plaintext transmission of sensitive information. Attackers can use this vulnerability to obtain sensitive information

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. The vulnerability stems from the built-in Web server allowing SSH/Telnet sessions

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. The MOXA NPort IAW5000A-I/O Series 2.1 and earlier firmware has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. NPort IAW5000A-I/O The series is Moxa It is an industrial equipment provided by. NPort IAW5000A-I/O There are several vulnerabilities in the series: * Session immobilization (CWE-384) - CVE-2020-25198 * Inappropriate authority management (CWE-269) - CVE-2020-25194 * Weak password request (CWE-521) - CVE-2020-25153 * Sending important information in clear text (CWE-319) - CVE-2020-25190 * Insufficient limit on the number of authentication attempts (CWE-307) - CVE-2020-25196 * information leak (CWE-200) - CVE-2020-25192The expected impact depends on each vulnerability, but it may be affected as follows. * By a remote third party, Cookie Stealed and hijacked session - CVE-2020-25198 * Of the product Web Performs functions that require administrator privileges by general users who access the server - CVE-2020-25194 * User credentials with insufficient password strength can be easily guessed - CVE-2020-25153 * By a remote third party Web External service credentials stored on the server are stolen - CVE-2020-25190 * By brute force attack SSH Or Telnet Log in to the system via - CVE-2020-25196 * By a remote third party Web Sensitive information on the server is stolen - CVE-2020-25192. An attacker with user rights can use this vulnerability to execute requests with administrative rights

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected. plural Lenovo and IBM System x For server products, Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. IBM System x servers is a server from International Business Machines Corporation (IBM). No detailed vulnerability details are currently provided. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system