VARIoT IoT vulnerabilities database

VAR-202006-1144 CVE-2020-3353 Race condition vulnerabilities in Cisco Identity Services Engine
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability in the syslog processing engine of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a race condition that may occur when syslog messages are processed. An attacker could exploit this vulnerability by sending a high rate of syslog messages to an affected device. A successful exploit could allow the attacker to cause the Application Server process to crash, resulting in a DoS condition. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-202006-1151 CVE-2020-3200 Cisco IOS and IOS XE Software Interpretation Conflict Vulnerability
CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. The vulnerability is due to an internal state not being represented correctly in the SSH state machine, which leads to an unexpected behavior. An attacker could exploit this vulnerability by creating an SSH connection to an affected device and using a specific traffic pattern that causes an error condition within that connection. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. An interpretation conflict vulnerability exists in Cisco IOS and IOS XE software. Service operation may be interrupted (DoS)
VAR-202006-1148 CVE-2020-3201 Input verification vulnerabilities in Cisco IOS and IOS XE software
CVSS V2: 4.9
CVSS V3: 6.0
Severity: MEDIUM
A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by executing crafted Tcl arguments on an affected device. An exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition
VAR-202006-1099 CVE-2020-3232 Input verification vulnerability in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM
CVSS V2: 6.8
CVSS V3: 7.7
Severity: HIGH
A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition
VAR-202006-0145 CVE-2020-13786 Cross-site request forgery vulnerability in D-Link DIR-865L Ax Beta device
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A cross-site request forgery vulnerability exists in the D-Link DIR-865L Ax Beta device. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-865L is a wireless router from D-Link, Taiwan. A remote attacker can use a malformed HTTP request to exploit the vulnerability to perform illegal operations
VAR-202006-1715 CVE-2020-9074 Vulnerability in handling exceptional conditions in multiple Huawei smartphone products
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Huawei smartphones HONOR 20 PRO, Honor View 20 and HONOR 20 have an improper handling of exceptional conditions vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending a malformed message. This could compromise normal service of affected phones. HONOR 20 PRO, Honor View 20 and HONOR 20 are all smartphones of the Chinese company Huawei. The vulnerability stems from the failure of the phone to properly handle exceptions
VAR-202006-1101 CVE-2020-3234 Vulnerabilities in the use of hard-coded credentials in Cisco IOS software
CVSS V2: 7.2
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. Cisco IOS software contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco 1000 Series Connected Grid Routers (CGR1000) is a 1000 series Internet Grid Router from Cisco
VAR-202006-1110 CVE-2020-3257 Input verification vulnerabilities in Cisco IOS software
CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
Multiple vulnerabilities in the Cisco IOx application environment of Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) that are running Cisco IOS Software could allow an attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS software contains an input verification vulnerability. Information may be tampered with and service operation may be interrupted (DoS). The affected routers are all products of the United States company Cisco. Cisco 1000 Series Connected Grid Routers is a 1000 series Internet grid router. Cisco IOS Software is a set of software developed by Cisco to run on its network equipment. An attacker can use this vulnerability to execute arbitrary code with elevated privileges
VAR-202006-0143 CVE-2020-13782 D-Link DIR-865L operating system command injection vulnerability
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. An OS command injection vulnerability exists on the D-Link DIR-865L device. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-865L is a wireless router from D-Link, Taiwan. An attacker can use the vulnerability to execute arbitrary shell commands by sending a specially crafted request
VAR-202006-1077 CVE-2020-3210 OS command injection vulnerabilities in Cisco IOS software
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. An OS command injection vulnerability exists in Cisco IOS software. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco IOS is a set of operating systems developed by Cisco in the United States for its network equipment
VAR-202006-1073 CVE-2020-3205 Input verification vulnerabilities in Cisco IOS software
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The vulnerability is due to insufficient validation of signaling packets that are destined to VDS. An attacker could exploit this vulnerability by sending malicious packets to an affected device. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. Because the device is designed on a hypervisor architecture, exploitation of a vulnerability that affects the inter-VM channel may lead to a complete system compromise. For more information about this vulnerability, see the Details section of this advisory. Cisco IOS software contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco 809 Industrial Integrated Services Routers, etc. are all products of the United States company Cisco. Cisco 1000 Series Connected Grid Routers is a 1000 series Internet grid router. Cisco IOS Software is a set of software developed by Cisco to run on its network equipment. The inter-VM channel of IOS Software in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and CGR1000 has input verification error vulnerabilities
VAR-202006-1813 CVE-2020-3258 Buffer error vulnerability in Cisco IOS software
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS software contains a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco 809 Industrial Integrated Services Routers, etc. are all products of the United States company Cisco. Cisco 809 Industrial Integrated Services Routers is an industrial integrated multi-service router. Cisco 829 Industrial Integrated Services Routers is an industrial integrated multi-service router. Cisco 1000 Series Connected Grid Routers is a 1000 series Internet grid router. Cisco IOS Software is a set of software developed by Cisco to run on its network equipment. The IOS Software diagnostic check CLI command in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and CGR1000 has a buffer overflow vulnerability. An attacker can use the vulnerability to execute arbitrary code by authenticating and sending diagnostic detection commands
VAR-202006-1854 CVE-2020-13783 Information leakage vulnerabilities in D-Link DIR-865L devices
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. The D-Link DIR-865L device contains a vulnerability related to information leakage. Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. The vulnerability results from the program storing sensitive information in plain text
VAR-202006-0144 CVE-2020-13785 D-Link DIR-865L encryption problem vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. D-Link DIR-865L is a wireless router from D-Link, Taiwan. Remote attackers can use this vulnerability to obtain sensitive information
VAR-202006-1853 CVE-2020-13784 Vulnerability in the use of a cryptographically weak PRNG on D-Link DIR-865L devices
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. The D-Link DIR-865L device contains a vulnerability in the use of a cryptographically weak PRNG. Information may be obtained. D-Link DIR-865L is a wireless router from D-Link, Taiwan. No detailed vulnerability information is currently provided
VAR-202006-1157 CVE-2020-3198 Buffer error vulnerability in Cisco IOS software
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS software contains a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Cisco 809 Industrial Integrated Services Routers, etc. are all products of the United States company Cisco. Cisco 809 Industrial Integrated Services Routers is an industrial integrated multi-service router. Cisco 829 Industrial Integrated Services Routers is an industrial integrated multi-service router. Cisco 1000 Series Connected Grid Routers is a 1000 series Internet grid router. Cisco IOS Software is a set of software developed by Cisco to run on its network equipment. The IOS Software code area that manages signaling between virtual machines in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and CGR1000 has a buffer overflow vulnerability that originates from an incorrect boundary check. A remote attacker can exploit the vulnerability by sending a malicious data packet to cause the system to crash and reload
VAR-202006-1098 CVE-2020-3231 Cisco Catalyst 2960-L Series Switches and CDB-8P Switches access control error vulnerability
CVSS V2: 2.9
CVSS V3: 4.7
Severity: MEDIUM
A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication
VAR-202006-1136 CVE-2020-3333 Vulnerability in lack of authentication for critical functions in Cisco Application Services Engine software
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the API of Cisco Application Services Engine Software could allow an unauthenticated, remote attacker to update event policies on an affected device. The vulnerability is due to insufficient authentication of users who modify policies on an affected device. An attacker could exploit this vulnerability by crafting a malicious HTTP request to contact an affected device. A successful exploit could allow the attacker to update event policies on the affected device
VAR-202006-1137 CVE-2020-3335 Vulnerability in lack of authentication for critical functions in Cisco Application Services Engine software
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability in the key store of Cisco Application Services Engine Software could allow an authenticated, local attacker to read sensitive information of other users on an affected device. The vulnerability is due to insufficient authorization limitations. An attacker could exploit this vulnerability by logging in to an affected device locally with valid credentials. A successful exploit could allow the attacker to read the sensitive information of other users on the affected device
VAR-202006-1112 CVE-2020-3267 Vulnerability in externally accessible files or directories in Cisco Unified Contact Center Express
CVSS V2: 5.5
CVSS V3: 7.1
Severity: HIGH
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. This component supports functions such as self-service voice service, call distribution, and customer access control