VARIoT IoT vulnerabilities database

VAR-202009-0517 CVE-2019-1736 Cisco UCS C-Series Rack Servers Digital Signature Verification Vulnerability
CVSS V2: 6.9
CVSS V3: 6.6
Severity: MEDIUM
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco UCS C-Series Rack Servers contain a vulnerability related to digital signature verification. Information may be obtained or tampered with, and the device may be put into a denial of service (DoS) state. Cisco UCS C-Series is a C series rack server from Cisco (USA). The following products and versions are affected: Firepower Management Center (FMC) 1000; Firepower Management Center (FMC) 2500; Firepower Management Center (FMC) 4500; Secure Network Server 3500 Series Appliances; Secure Network Server 3600 Series Appliances; Threat Grid 5504 Appliance
VAR-202009-0362 CVE-2019-1888 Cisco Unified Contact Center Express Unrestricted Upload of Dangerous File Types Vulnerability
CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root. The system may be put into a denial of service (DoS) state. Cisco Unified Contact Center Express (Unified CCX) is a customer relationship management component in a unified communication solution from Cisco. This component supports functions such as self-service voice service, call distribution, and customer access control. A code issue vulnerability exists in Cisco Unified CCX releases prior to 12.5(1) where the program does not adequately restrict what is uploaded to an affected system. I've quoted the Cisco summary below as it's pretty accurate. tl;dr is an admin user on the web console can gain command execution and then escalate to root. If this is an issue in your environment, then please patch. Thanks to Cisco PSIRT who were responsive and professional. Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a thing on advisories
VAR-202009-0513 CVE-2019-1947 Cisco AsyncOS Software for Cisco Email Security Appliance Input Validation Vulnerability
CVSS V2: 7.8
CVSS V3: 8.6
Severity: HIGH
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. AsyncOS Software is the operating system running on it
VAR-202009-0495 CVE-2019-1983 Cisco Content Security Management Appliance and Cisco Email Security Appliance Input Validation Error Vulnerability
CVSS V2: 7.8
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. This device is mainly used to manage all policies, reports, audit information, etc. of email and web security devices. AsyncOS Software is the operating system running on it
VAR-202002-0710 CVE-2020-3113 Cisco Data Center Network Manager Cross-site scripting vulnerability
CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
VAR-202002-0705 CVE-2020-3132 Cisco Email Security Appliance Resource exhaustion vulnerability
CVSS V2: 7.1
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur
VAR-202002-0718 CVE-2020-3156 Cisco Identity Services Engine Cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of endpoint data stored in logs used by the web-based interface. An attacker could exploit this vulnerability by sending malicious endpoint data to the targeted system. An exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies
VAR-202002-0720 CVE-2020-3159 Cisco Finesse Cross-site scripting vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. A cross-site scripting vulnerability exists in Cisco Finesse. Information may be obtained and tampered with. Cisco Finesse is a set of call center management software developed by Cisco
VAR-202002-0619 CVE-2020-1861 Huawei CloudEngine 12800 Information Disclosure Vulnerability
CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
CloudEngine 12800 with versions of V200R001C00SPC600, V200R001C00SPC700, V200R002C01, V200R002C50SPC800, V200R002C50SPC800PWE, V200R003C00SPC810, V200R003C00SPC810PWE, V200R005C00SPC600, V200R005C00SPC800, V200R005C00SPC800PWE, V200R005C10, V200R005C10SPC300 have an information leakage vulnerability in some Huawei products. In some special cases, an authenticated attacker can exploit this vulnerability because the software processes data improperly. Successful exploitation may lead to information leakage. Huawei CloudEngine 12800 is a 12800 series data center switch from Huawei of China. An information disclosure vulnerability exists in Huawei CloudEngine 12800, which originates from improper processing of data
VAR-202002-0838 CVE-2014-2727 Trustwave MailMarshal operating system command injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. MailMarshal contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Trustwave MailMarshal is a set of e-mail security gateway products from Trustwave of the United States. Attackers can use this vulnerability to execute arbitrary commands on the system
VAR-202002-1041 CVE-2020-5534 Multiple vulnerabilities in Aterm WG2600HS
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. Aterm WG2600HS, provided by NEC Corporation, contains multiple vulnerabilities: ・ Cross-site scripting (CWE-79) - CVE-2020-5533 ・ OS command injection (CWE-78) - CVE-2020-5534. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Cyber Defense Institute, Inc., Mr. Nagaoka Satoru. The expected impact depends on each vulnerability, but may include the following: ・ An arbitrary script is executed in the web browser of a user who is logged in to the product - CVE-2020-5533 ・ A user who can log in to the product's HTTP service executes arbitrary OS commands with root privileges - CVE-2020-5534. NEC Aterm WG2600HS is a wireless router from NEC Corporation. The operating system command injection vulnerability exists in NEC Aterm WG2600HS version 1.3.2. The vulnerability arises because the network system or product constructs executable operating system commands from externally supplied data without properly filtering special characters and commands. An attacker could use this vulnerability to execute illegal operating system commands
VAR-202002-1034 CVE-2020-5525 Multiple OS command injection vulnerabilities in Aterm WF1200CR, WG1200CR and WG2600HS
CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. Aterm WF1200CR, WG1200CR and WG2600HS, provided by NEC Corporation, contain the following multiple OS command injection vulnerabilities: ・ OS command injection in the UPnP function (CWE-78) - CVE-2020-5524 ・ OS command injection on the management screen (CWE-78) - CVE-2020-5525. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Nippon Telegraph and Telephone Corporation, Mr. Fujita Rintaro and Mr. Kamiyama Takayuki. The expected impact depends on each vulnerability, but may include the following: ・ A user who can access the interface of the product's UPnP function executes arbitrary OS commands with root privileges - CVE-2020-5524 ・ A user who can access the management screen of the product executes arbitrary OS commands with root privileges - CVE-2020-5525. NEC Aterm WF1200C and others are wireless routers from NEC Corporation. There is an operating system command injection vulnerability in NEC Aterm WF1200C 1.2.1 and earlier versions, Aterm WG1200CR 1.2.1 and earlier versions and Aterm WG2600HS 1.3.2 and earlier versions. It arises because the network system or product constructs executable operating system commands from externally supplied data without properly filtering special characters, commands, etc. An attacker could use this vulnerability to execute illegal operating system commands
VAR-202002-1033 CVE-2020-5524 Multiple OS command injection vulnerabilities in Aterm WF1200CR, WG1200CR and WG2600HS
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. Aterm WF1200CR, WG1200CR and WG2600HS, provided by NEC Corporation, contain the following multiple OS command injection vulnerabilities: ・ OS command injection in the UPnP function (CWE-78) - CVE-2020-5524 ・ OS command injection on the management screen (CWE-78) - CVE-2020-5525. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Nippon Telegraph and Telephone Corporation, Mr. Fujita Rintaro and Mr. Kamiyama Takayuki. The expected impact depends on each vulnerability, but may include the following: ・ A user who can access the interface of the product's UPnP function executes arbitrary OS commands with root privileges - CVE-2020-5524 ・ A user who can access the management screen of the product executes arbitrary OS commands with root privileges - CVE-2020-5525. NEC Aterm WF1200C and others are wireless routers from NEC Corporation. There is an operating system command injection vulnerability in NEC Aterm WF1200C 1.2.1 and earlier versions, Aterm WG1200CR 1.2.1 and earlier versions and Aterm WG2600HS 1.3.2 and earlier versions. It arises because the network system or product constructs executable operating system commands from externally supplied data without properly filtering special characters, commands, etc. An attacker could use this vulnerability to execute illegal operating system commands
VAR-202002-1040 CVE-2020-5533 NEC Aterm WG2600HS Cross-Site Scripting Vulnerability
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Aterm WG2600HS, provided by NEC Corporation, contains multiple vulnerabilities: ・ Cross-site scripting (CWE-79) - CVE-2020-5533 ・ OS command injection (CWE-78) - CVE-2020-5534. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Cyber Defense Institute, Inc., Mr. Nagaoka Satoru. The expected impact depends on each vulnerability, but may include the following: ・ An arbitrary script is executed in the web browser of a user who is logged in to the product - CVE-2020-5533 ・ A user who can log in to the product's HTTP service executes arbitrary OS commands with root privileges - CVE-2020-5534. NEC Aterm WG2600HS is a wireless router from NEC Corporation. There is a cross-site scripting vulnerability in NEC Aterm WG2600HS version 1.3.2, which originates from the lack of correct verification of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-202002-1391 CVE-2020-8824 Hitron Technologies CODA-4582U Cross-Site Scripting Vulnerability
CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. A cross-site scripting vulnerability exists in the Hitron CODA-4582U device. Information may be obtained and tampered with. Hitron Technologies CODA-4582U is a modem from Hitron Technologies of Taiwan, China. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
VAR-202002-0711 CVE-2020-3114 Cisco Data Center Network Manager Cross-site request forgery vulnerability
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link while having an active session on an affected device. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. The system may be put into a denial of service (DoS) state. Cisco Data Center Network Manager (DCNM) is Cisco's data center management system. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration, and troubleshooting capabilities
VAR-202002-0716 CVE-2020-3153 Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Element Vulnerability
CVSS V2: 4.9
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system
VAR-202002-0709 CVE-2020-3112 Cisco Data Center Network Manager Privilege Management Vulnerability
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. The system may be put into a denial of service (DoS) state. The system is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions
VAR-202002-0692 CVE-2020-3163 Cisco Unified Contact Center Enterprise Race condition vulnerability
CVSS V2: 7.1
CVSS V3: 5.9
Severity: MEDIUM
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection
VAR-202002-0721 CVE-2020-3160 Cisco Meeting Server software input validation vulnerability
CVSS V2: 4.3
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. Cisco Meeting Server software contains an input validation vulnerability. Service operation may be interrupted (DoS)