VARIoT IoT vulnerabilities database


VAR-201910-0332 CVE-2019-12678 Cisco Adaptive Security Appliance and Firepower Threat Defense Software integer underflow vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a malicious SIP packet through an affected device. A successful exploit could allow the attacker to trigger an integer underflow, causing the software to try to read unmapped memory and resulting in a crash. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources
VAR-201910-0359 CVE-2019-12686 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco
VAR-201910-0358 CVE-2019-12685 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco
VAR-201910-0333 CVE-2019-12679 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC prior to 6.1.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2
VAR-201910-0353 CVE-2019-12680 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC prior to 6.1.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2
VAR-201910-0355 CVE-2019-12682 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC prior to 6.1.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2
VAR-201910-0356 CVE-2019-12683 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC prior to 6.1.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2
VAR-201910-0357 CVE-2019-12684 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC prior to 6.1.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2
VAR-201910-0354 CVE-2019-12681 Cisco Firepower Management Center In software SQL Injection vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. The following products and versions are affected: Cisco FMC Release 6.0.0, Release 6.2.0, Release 6.2.1, Release 6.2.2
VAR-201910-0367 CVE-2019-12695 Cisco Adaptive Security Appliance and Firepower Threat Defense Software cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources
VAR-201910-0369 CVE-2019-12697 Cisco Firepower System Software input validation vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Firepower System Software contains an input validation vulnerability. Information may be tampered with. The detection engine in Cisco Firepower System has a security vulnerability that stems from incorrect detection of RTF file content. A remote attacker could exploit this vulnerability by sending a malicious RTF file to bypass the malware and file policies configured for the RTF file type. The following products and versions are affected: Cisco 3000 Series Industrial Security Appliances (ISAs); Adaptive Security Appliance (ASA) 5500-X Series Firewalls; ASA 5500-X Series with FirePOWER Services; Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances; AMP for Networks for FirePOWER 8000 Series Appliances; Firepower 2100 Series; Firepower 4100 Series; Firepower 1000 Series Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Security Appliances; Firepower Threat Defense for Integrated Services Routers (ISRs); FTD Virtual (FTDv); Next-Generation Intrusion Prevention System (NGIPS)
VAR-201910-0368 CVE-2019-12696 Cisco Firepower System Software input validation vulnerability
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Multiple vulnerabilities in the Cisco Firepower System Software Detection Engine could allow an unauthenticated, remote attacker to bypass configured Malware and File Policies for RTF and RAR file types. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Firepower System Software contains an input validation vulnerability. Information may be tampered with. The detection engine in Cisco Firepower System has a security vulnerability that stems from incorrect detection of RTF file content. A remote attacker could exploit this vulnerability by sending a malicious RTF file to bypass the malware and file policies configured for the RTF file type. The following products and versions are affected: 3000 Series Industrial Security Appliances (ISAs); Adaptive Security Appliance (ASA) 5500-X Series Firewalls; ASA 5500-X Series with FirePOWER Services; Advanced Malware Protection (AMP) for Networks for FirePOWER 7000 Series Appliances; AMP for Networks for FirePOWER 8000 Series Appliances; Firepower 2100 Series; Firepower 4100 Series; Firepower 1000 Series Appliances; FirePOWER 7000 Series Appliances; FirePOWER 8000 Series Appliances; Firepower 9300 Security Appliances; Firepower Threat Defense for Integrated Services Routers (ISRs); FTD Virtual (FTDv); Next-Generation Intrusion Prevention System (NGIPS)
VAR-201910-0364 CVE-2019-12691 Cisco Firepower Management Center Software path traversal vulnerability
CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass Cisco FMC Software security restrictions and gain access to the underlying filesystem of the affected device
VAR-201910-0363 CVE-2019-12690 Cisco Firepower Management Center In OS Command injection vulnerability
CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user of the underlying operating system. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input in the web UI. A successful exploit could allow an attacker to execute arbitrary commands on the device with full root privileges. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco
VAR-201910-0366 CVE-2019-12694 Cisco Firepower Threat Defense Software input validation vulnerability
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. Cisco Firepower Threat Defense (FTD) Software contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS)
VAR-201910-0362 CVE-2019-12689 Cisco Firepower Management Center Software input validation vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco
VAR-201910-0361 CVE-2019-12688 Cisco Firepower Management Center Buffer error vulnerability
CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. Cisco Firepower Management Center (FMC) contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco
VAR-201910-0346 CVE-2019-12710 Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition In SQL Injection vulnerability
CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system
VAR-201910-0344 CVE-2019-12707 plural Cisco Unified Communications Product cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Multiple Cisco Unified Communications products contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. The following products and versions are affected: Unified Communications Manager Session Management Edition (SME) 10.5(2) and prior, 11.5(1)SU5 and prior, 12.5(1) and prior; Unified Communications Manager 10.5(2) and prior, 11.5(1)SU5 and prior, 12.5(1) and prior; Unified Communications Manager IM & Presence Service (IM&P) 11.5(1)SU5 and prior, 12.5(1) and prior; Unity Connection 11.5(1)SU5 and earlier versions, 12.5(1) and earlier versions
VAR-201910-0370 CVE-2019-12698 Cisco Adaptive Security Appliance and Firepower Threat Defense Software depletion vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in the WebVPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for a specific WebVPN HTTP page request. An attacker could exploit this vulnerability by sending multiple WebVPN HTTP page load requests for a specific URL. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition, which could cause traffic to be delayed through the device. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides features such as highly secure access to data and network resources