Weekly Vulnerabilities Reports > July 27 to August 2, 2015
Overview
30 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 49 products from 13 vendors, including Cisco, Symantec, Webservice DIC, Chiyutw, and Linux. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", "Information Exposure", and "Resource Management Errors".
- 26 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 21 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
10 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-08-01 | CVE-2015-1492 | Symantec | Improper Input Validation vulnerability in Symantec Endpoint Protection Manager 12.1.0 Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | 8.5 |
2015-08-01 | CVE-2015-1489 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Endpoint Protection Manager 12.1.0 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | 8.5 |
2015-08-01 | CVE-2015-4291 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | 7.8 |
2015-07-29 | CVE-2015-5477 | ISC | Data Processing Errors vulnerability in ISC Bind named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | 7.8 |
2015-08-01 | CVE-2015-5618 | Chiyutw | Permissions, Privileges, and Access Controls vulnerability in Chiyutw Bf-630 and Bf-630W Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice.htm or (b) UniFinger configuration settings via a request to bf.htm, a different vulnerability than CVE-2015-2871. | 7.5 |
2015-08-01 | CVE-2015-2871 | Chiyu | Permissions, Privileges, and Access Controls vulnerability in Chiyu Bf-660C Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. | 7.5 |
2015-08-01 | CVE-2015-1486 | Symantec | Improper Authentication vulnerability in Symantec Endpoint Protection Manager 12.1.0 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | 7.5 |
2015-07-29 | CVE-2015-2979 | Webservice DIC | OS Command Injection vulnerability in Webservice-Dic Yoyaku 41 Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 7.5 |
2015-07-29 | CVE-2015-2977 | Webservice DIC | Improper Input Validation vulnerability in Webservice-Dic Yoyaku 41 Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | 7.5 |
2015-08-01 | CVE-2015-2890 | Dell | Local Security vulnerability in Dell BIOS Implementation The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile Workstation, and Precision Workstation Client Solutions (CS) devices with model-dependent firmware before A21 does not enforce a BIOS_CNTL locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging console access, a similar issue to CVE-2015-3692. | 7.2 |
18 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-08-01 | CVE-2015-4289 | Cisco | Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049) Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. | 6.4 |
2015-08-01 | CVE-2015-1491 | Symantec | SQL Injection vulnerability in Symantec Endpoint Protection Manager 12.1.0 SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.0 |
2015-08-01 | CVE-2015-1490 | Symantec | Path Traversal vulnerability in Symantec Endpoint Protection Manager 12.1.0 Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | 5.5 |
2015-08-01 | CVE-2015-1487 | Symantec | Improper Input Validation vulnerability in Symantec Endpoint Protection Manager 12.1.0 The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | 5.5 |
2015-07-30 | CVE-2015-4293 | Cisco | Resource Management Errors vulnerability in Cisco IOS XE The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957. | 5.0 |
2015-07-29 | CVE-2015-4286 | Cisco | Improper Input Validation vulnerability in Cisco Unified Computing System Central Software 1.3(0.99) The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | 5.0 |
2015-07-29 | CVE-2015-2978 | Webservice DIC | Improper Authentication vulnerability in Webservice-Dic Yoyaku 41 Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | 5.0 |
2015-07-29 | CVE-2015-4287 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Firepower Extensible Operating System 1.1(1.86) Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | 5.0 |
2015-07-29 | CVE-2015-2974 | Lemon S PHP | Improper Input Validation vulnerability in Lemon-S PHP Gazou BBS Plus 2.35 LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file. | 5.0 |
2015-07-29 | CVE-2015-4290 | Cisco Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(2049) The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. | 4.9 |
2015-07-27 | CVE-2015-4692 | Linux | Denial of Service vulnerability in Linux Kernel KVM 'kvm_apic_has_events()' Function The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | 4.9 |
2015-08-01 | CVE-2015-4294 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Communications Manager IM and Presence Service 10.5(1)/9.0(1)/9.1(1) Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. | 4.3 |
2015-08-01 | CVE-2015-4292 | Cisco | Cross-site Scripting vulnerability in Cisco Prime Central for Hosted Collaboration Solution Assurance 10.6(2) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuv45818. | 4.3 |
2015-08-01 | CVE-2015-2870 | Chiyutw | Cross-site Scripting vulnerability in Chiyutw Bf-630, Bf-630W and Bf-660C Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. | 4.3 |
2015-07-29 | CVE-2015-4288 | Cisco | Cryptographic Issues vulnerability in Cisco products The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | 4.3 |
2015-07-29 | CVE-2015-0732 | Cisco | Cross-site Scripting vulnerability in Cisco products Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167. | 4.3 |
2015-08-01 | CVE-2015-4295 | Cisco | Information Exposure vulnerability in Cisco Unified Communications Manager 10.5(3.10000.9) The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | 4.0 |
2015-08-01 | CVE-2015-1488 | Symantec | Information Exposure vulnerability in Symantec Endpoint Protection Manager 12.1.0 An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | 4.0 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-08-01 | CVE-2015-1904 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Business Process Manager IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | 3.5 |
2015-08-01 | CVE-2015-1009 | Indusoft Wonderware | Information Exposure vulnerability in multiple products Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file. | 1.7 |