Weekly Vulnerabilities Reports > July 27 to August 2, 2015

Overview

32 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 51 products from 15 vendors including Cisco, Symantec, Webservice DIC, Google, and Dhcpcd Project. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 28 reported vulnerabilities are remotely exploitable.
  • 5 reported vulnerabilities have a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 23 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 11 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

10 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-01 CVE-2015-1492 Symantec Improper Input Validation vulnerability in Symantec Endpoint Protection Manager 12.1.0

Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.

8.5
2015-08-01 CVE-2015-1489 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager 12.1.0

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.

8.5
2015-08-01 CVE-2015-4291 Cisco Resource Management Errors vulnerability in Cisco IOS XE

Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617.

7.8
2015-07-29 CVE-2015-5477 ISC Data Processing Errors vulnerability in ISC Bind

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

7.8
2015-08-01 CVE-2015-5618 Chiyutw Permissions, Privileges, and Access Controls vulnerability in Chiyutw Bf-630 and Bf-630W

Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871.

7.5
2015-08-01 CVE-2015-2871 Chiyu Permissions, Privileges, and Access Controls vulnerability in Chiyu Bf-660C

Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618.

7.5
2015-08-01 CVE-2015-1486 Symantec Improper Authentication vulnerability in Symantec Endpoint Protection Manager 12.1.0

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.

7.5
2015-07-29 CVE-2015-2979 Webservice DIC OS Command Injection vulnerability in Webservice-Dic Yoyaku 41

Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

7.5
2015-07-29 CVE-2015-2977 Webservice DIC Improper Input Validation vulnerability in Webservice-Dic Yoyaku 41

Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

7.5
2015-08-01 CVE-2015-2890 Dell Local Security vulnerability in Dell BIOS Implementation

The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692.

7.2

20 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-07-30 CVE-2014-7913 Dhcpcd Project, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dhcpcd Project Dhcpcd

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.

6.8
2015-07-30 CVE-2014-7912 Dhcpcd Project, Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dhcpcd Project Dhcpcd

The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.

6.8
2015-08-01 CVE-2015-4289 Cisco Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049)

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

6.4
2015-08-01 CVE-2015-1491 Symantec SQL Injection vulnerability in Symantec Endpoint Protection Manager 12.1.0

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

6.0
2015-08-01 CVE-2015-1490 Symantec Path Traversal vulnerability in Symantec Endpoint Protection Manager 12.1.0

Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.

5.5
2015-08-01 CVE-2015-1487 Symantec Improper Input Validation vulnerability in Symantec Endpoint Protection Manager 12.1.0

The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.

5.5
2015-07-30 CVE-2015-4293 Cisco Resource Management Errors vulnerability in Cisco IOS XE

The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

5.0
2015-07-29 CVE-2015-4286 Cisco Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.3(0.99)

The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.

5.0
2015-07-29 CVE-2015-2978 Webservice DIC Improper Authentication vulnerability in Webservice-Dic Yoyaku 41

Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

5.0
2015-07-29 CVE-2015-4287 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Extensible Operating System 1.1(1.86)

Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.

5.0
2015-07-29 CVE-2015-2974 Lemon S PHP Improper Input Validation vulnerability in Lemon-S PHP Gazou BBS Plus 2.35

LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.

5.0
2015-07-29 CVE-2015-4290 Cisco, Apple Buffer Errors vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049)

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

4.9
2015-07-27 CVE-2015-4692 Linux Denial of Service vulnerability in Linux Kernel KVM 'kvm_apic_has_events()' Function

The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

4.9
2015-08-01 CVE-2015-4294 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 10.5(1)/9.0(1)/9.1(1)

Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.

4.3
2015-08-01 CVE-2015-4292 Cisco Cross-Site Scripting vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance 10.6(2)

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818.

4.3
2015-08-01 CVE-2015-2870 Chiyutw Cross-Site Scripting vulnerability in Chiyutw Bf-630, Bf-630W and Bf-660C

Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.

4.3
2015-07-29 CVE-2015-4288 Cisco Cryptographic Issues vulnerability in Cisco products

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.

4.3
2015-07-29 CVE-2015-0732 Cisco Cross-Site Scripting vulnerability in Cisco products

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.

4.3
2015-08-01 CVE-2015-4295 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager 10.5(3.10000.9)

The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.

4.0
2015-08-01 CVE-2015-1488 Symantec Information Exposure vulnerability in Symantec Endpoint Protection Manager 12.1.0

An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-08-01 CVE-2015-1904 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager

IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.

3.5
2015-08-01 CVE-2015-1009 Indusoft, Wonderware Information Exposure vulnerability in multiple products

Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

1.7