CVE-2018-7064
https://notcve.org/view.php?id=CVE-2018-7064
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session.
Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.
References:
• http://www.securityfocus.com/bid/108374
• https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
• https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7082
https://notcve.org/view.php?id=CVE-2018-7082
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged.
Workaround: None.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.
References:
• http://www.securityfocus.com/bid/108374
• https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
• https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-7083
https://notcve.org/view.php?id=CVE-2018-7083
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords.
Workaround: Block access to the Aruba Instant web interface from all untrusted users.
Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.
References:
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt
• http://www.securityfocus.com/bid/108374
• https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13099 – wolfSSL Bleichenbacher/ROBOT
https://notcve.org/view.php?id=CVE-2017-13099
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
References:
• http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-002.txt
• http://www.kb.cert.org/vuls/id/144389
• http://www.securityfocus.com/bid/102174
• https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf
• https://github.com/wolfSSL/wolfssl/pull/1229
• https://robotattack.org
CWE-203: Observable Discrepancy
CVE-2017-14491 – Dnsmasq < 2.78 - 2-byte Heap Overflow
https://notcve.org/view.php?id=CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.
Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability.
References:
• https://www.exploit-db.com/exploits/42941
• https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
• http://nvidia.custhelp.com/app/answers/detail/a_id/4560
• http://nvidia.custhelp.com/a
CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write