CVE-2018-0091

CVE: CVE-2018-0091
Published: 2018-01-18T06:29Z
Vendor: cisco
Products: identity_services_engine
Versions: *,
Description Language: en
Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf73922.
References:
http://www.securityfocus.com/bid/102756
http://www.securitytracker.com/id/1040241
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ise

CVE-2018-0090

CVE: CVE-2018-0090
Published: 2018-01-18T06:29Z
Vendor: cisco
Products: nx-os
Versions: 7.3(2)n1(0.6), 8.3(0)kms(0.31), 8.8(3.5)s0,
Description Language: en
Description: A vulnerability in management interface access control list (ACL) configuration of Cisco NX-OS System Software could allow an unauthenticated, remote attacker to bypass configured ACLs on the management interface. This could allow traffic to be forwarded to the NX-OS CPU for processing, leading to high CPU utilization and a denial of service (DoS) condition. The vulnerability is due to a bad code fix in the 7.3.2 code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. An attacker could exploit this vulnerability by sending crafted traffic to the management interface. An exploit could allow the attacker to bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition. This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvf31132.
References:
http://www.securityfocus.com/bid/102753
http://www.securitytracker.com/id/1040247
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos

CVE-2018-0089

CVE: CVE-2018-0089
Published: 2018-01-18T06:29Z
Vendor: cisco
Products: policy_suite
Versions: 10.0.0, 11.0.0, 11.1.0,
Description Language: en
Description: A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access to the internal VLAN where CPS is deployed. The vulnerability is due to incorrect permissions of certain system files and not sufficiently protecting sensitive data that is at rest. An attacker could exploit the vulnerability by using certain tools available on the internal network interface to request and view system files. An exploit could allow the attacker to find out sensitive information about the application. Cisco Bug IDs: CSCvf77666.
References:
http://www.securityfocus.com/bid/102758
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cps

CVE-2018-0088

CVE: CVE-2018-0088
Published: 2018-01-18T06:29Z
Vendor: cisco
Products: industrial_ethernet_4010_series_firmware
Versions: *,
Description Language: en
Description: A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a specific diagnostic test command at the CLI. An exploit could allow the attacker to overwrite system memory locations, which could have a negative impact on the stability of the device. Cisco Bug IDs: CSCvf71150.
References:
http://www.securitytracker.com/id/1040240
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-iess

CVE-2018-0086

CVE: CVE-2018-0086
Published: 2018-01-18T06:29Z
Vendor: cisco
Products: unified_customer_voice_portal
Versions: 11.5,
Description Language: en
Description: A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to malformed SIP INVITE traffic received on the CVP during communications with the Cisco Virtualized Voice Browser (VVB). An attacker could exploit this vulnerability by sending malformed SIP INVITE traffic to the targeted appliance. An exploit could allow the attacker to impact the availability of services and data on the device, causing a DoS condition. This vulnerability affects Cisco Unified CVP running any software release prior to 11.6(1). Cisco Bug IDs: CSCve85840.
References:
http://www.securityfocus.com/bid/102745
http://www.securitytracker.com/id/1040220
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp

CVE-2018-5764

CVE: CVE-2018-5764
Published: 2018-01-17T22:29Z
Vendor: samba
Products: rsync
Versions: 3.0.8, 3.0.9, 3.1.0, 3.1.1,
Description Language: en
Description: The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
References:
http://www.securityfocus.com/bid/102803
http://www.securitytracker.com/id/1040276
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html

CVE-2018-5747

CVE: CVE-2018-5747
Published: 2018-01-17T19:29Z
Vendor: lrzip_project
Products: lrzip
Versions: 0.631,
Description Language: en
Description: In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.
References:
https://github.com/ckolivas/lrzip/issues/90

CVE-2018-5721

CVE: CVE-2018-5721
Published: 2018-01-17T06:29Z
Vendor: asuswrt-merlin_project
Products: asuswrt-merlin
Versions: 382.1_2,
Description Language: en
Description: Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a “_wan_if” substring.
References:
http://www.w0lfzhang.com/2018/01/17/ASUS-router-stack-overflow-in-http-server/

CVE-2018-5258

CVE: CVE-2018-5258
Published: 2018-01-17T17:29Z
Vendor: banconeon
Products: neon
Versions: 1.6.14,
Description Language: en
Description: The Neon app 1.6.14 for iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
References:
https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f
https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb
https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm

CVE-2018-5195

CVE: CVE-2018-5195
Published: 2018-01-17T17:29Z
Vendor: hancom
Products: thinkfree_office_neo
Versions: 9.6.1.5183,
Description Language: en
Description: Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that allows remote attackers to execute arbitrary commands when processing the hyperlink attributes in a document.
References:
http://help.hancom.com/cve/hoffice/en-US/CVE_en_050_01.htm
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=26983