Weekly Vulnerabilities Reports > February 17 to 23, 2014

Overview

54 new vulnerabilities reported during this period, including 6 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary report vulnerabilities in 51 products from 29 vendors including Cisco, Belkin, Apple, IBM, and Adobe. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Cryptographic Issues", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 50 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 49 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

6 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-22 CVE-2014-0721 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified SIP Phone 3905

The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.

10.0
2014-02-22 CVE-2013-6952 Belkin Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.

10.0
2014-02-21 CVE-2014-0498 Adobe
Apple
Microsoft
Linux
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2014-02-22 CVE-2014-0709 Cisco Credentials Management vulnerability in Cisco UCS Director

Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded password for the root account, which makes it easier for remote attackers to obtain administrative access via an SSH session to the CLI interface, aka Bug ID CSCui73930.

9.3
2014-02-22 CVE-2013-6949 Belkin Permissions, Privileges, and Access Controls vulnerability in Belkin Wemo Home Automation Firmware 2769

The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.

9.3
2014-02-18 CVE-2014-1861 Jetroplatforms Improper Input Validation vulnerability in Jetroplatforms Jetro Cockpit Secure Browsing 4.3.1/4.3.3

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.

9.3

16 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-21 CVE-2014-0502 Adobe
Suse
Opensuse
Redhat
Double Free vulnerability in multiple products

Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.

8.8
2014-02-22 CVE-2014-0719 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IPS Sensor Software

The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.

7.8
2014-02-22 CVE-2013-6950 Belkin Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server.

7.8
2014-02-22 CVE-2013-6948 Belkin Code Injection vulnerability in Belkin Wemo Home Automation Firmware 2769

The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

7.8
2014-02-21 CVE-2014-0499 Adobe
Apple
Microsoft
Linux
Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.

7.8
2014-02-22 CVE-2014-0818 Autodesk Code Injection vulnerability in Autodesk Autocad

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.

7.5
2014-02-20 CVE-2014-0734 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager

SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.

7.5
2014-02-18 CVE-2014-1903 Freepbx
Sangoma
Permissions, Privileges, and Access Controls vulnerability in multiple products

admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.

7.5
2014-02-17 CVE-2012-0270 Csounds Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Csounds Csound

Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.

7.5
2014-02-17 CVE-2011-3604 Litech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Litech Router Advertisement Daemon

The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.

7.5
2014-02-17 CVE-2011-3601 Litech Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Litech Router Advertisement Daemon

Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.

7.5
2014-02-22 CVE-2014-1266 Apple Improper Certificate Validation vulnerability in Apple Iphone OS, mac OS X and Tvos

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step.

7.4
2014-02-22 CVE-2014-0720 Cisco Improper Input Validation vulnerability in Cisco IPS Sensor Software

Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via a flood of jumbo frames, aka Bug ID CSCuh94944.

7.1
2014-02-22 CVE-2014-0718 Cisco Improper Input Validation vulnerability in Cisco IPS Sensor Software

The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (Analysis Engine process outage) via fragmented packets, aka Bug ID CSCui91266.

7.1
2014-02-22 CVE-2014-0710 Cisco Race Condition vulnerability in Cisco Firewall Services Module Software

Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (device reload) via certain matching traffic, aka Bug ID CSCuj16824.

7.1
2014-02-22 CVE-2013-6951 Belkin Cryptographic Issues vulnerability in Belkin Wemo Home Automation Firmware 2769

The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

7.1

28 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-22 CVE-2014-0730 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System Central Software

Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128.

6.8
2014-02-20 CVE-2014-0080 Rubyonrails SQL Injection vulnerability in Rubyonrails Rails

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

6.8
2014-02-20 CVE-2014-0736 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Manager

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.

6.8
2014-02-21 CVE-2014-1910 Citrix Cryptographic Issues vulnerability in Citrix Sharefile Mobile and Sharefile Mobile for Tablets

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2014-02-20 CVE-2013-4420 Feep Path Traversal vulnerability in Feep Libtar

Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a ..

5.8
2014-02-18 CVE-2013-6396 Openstack Cryptographic Issues vulnerability in Openstack Swift

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2014-02-17 CVE-2011-0528 Puppet Permissions, Privileges, and Access Controls vulnerability in Puppet

Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.

5.5
2014-02-22 CVE-2014-0854 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Cognos Business Intelligence

The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5.0
2014-02-22 CVE-2014-0731 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Unified Communications Manager

The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.

5.0
2014-02-20 CVE-2014-0733 Cisco Improper Authentication vulnerability in Cisco Unified Communications Manager

The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.

5.0
2014-02-20 CVE-2014-0082 Rubyonrails Improper Input Validation vulnerability in Rubyonrails Rails and Ruby ON Rails

actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.

5.0
2014-02-20 CVE-2014-0732 Cisco Improper Authentication vulnerability in Cisco Unified Communications Manager

The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.

5.0
2014-02-18 CVE-2014-2020 PHP Numeric Errors vulnerability in PHP

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

5.0
2014-02-18 CVE-2014-0627 EMC
Dell
Cryptographic Issues vulnerability in multiple products

The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.

5.0
2014-02-18 CVE-2014-0626 Dell
EMC
Cryptographic Issues vulnerability in multiple products

The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.

5.0
2014-02-18 CVE-2014-0625 EMC
Dell
Resource Management Errors vulnerability in multiple products

The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.

5.0
2014-02-17 CVE-2011-3605 Litech Improper Input Validation vulnerability in Litech Router Advertisement Daemon

The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.

5.0
2014-02-18 CVE-2014-2019 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

4.9
2014-02-22 CVE-2014-0819 Autodesk Improper Input Validation vulnerability in Autodesk Autocad

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

4.4
2014-02-22 CVE-2014-0811 Blackboard Cross-Site Scripting vulnerability in Blackboard Vista/Ce 8.0

Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-02-22 CVE-2014-0737 Cisco Improper Authentication vulnerability in Cisco Unified IP Phone 7960G

The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.

4.3
2014-02-22 CVE-2013-6732 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

4.3
2014-02-20 CVE-2014-0081 Rubyonrails
Opensuse
Opensuse Project
Redhat
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

4.3
2014-02-20 CVE-2014-0735 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager

Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.

4.3
2014-02-17 CVE-2014-2018 Mozilla Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.

4.3
2014-02-17 CVE-2013-6674 Mozilla Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.

4.3
2014-02-17 CVE-2013-1070 Ubuntu Cross-Site Scripting vulnerability in Ubuntu Metal AS A Service 1.2/1.4

Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.

4.3
2014-02-17 CVE-2011-4083 Redhat Cryptographic Issues vulnerability in Redhat SOS

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-02-22 CVE-2014-0861 IBM Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence

Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.

3.5
2014-02-22 CVE-2013-6734 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Extreme Scale Client

IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.

3.5
2014-02-20 CVE-2014-1879 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

3.5
2014-02-17 CVE-2013-1069 Ubuntu Permissions, Privileges, and Access Controls vulnerability in Ubuntu Metal AS A Service 1.2/1.4

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

2.1