Jake Baines

**Name of the Vulnerable Software and Affected Versions** WatchGuard Fireware OS versions prior to 12.1.4 WatchGuard Fireware OS versions prior to 12.5.10 WatchGuard Fireware OS versions prior to 12.8.1 **Description** An argument injection issue in the `diagnose` and `import pac` commands allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances. **Recommendations** WatchGuard Fireware OS version prior to 12.1.4: Update to version 12.1.4 or later. WatchGuard Fireware OS version prior to 12.5.10: Update to version 12.5.10 or later. WatchGuard Fireware OS version prior to 12.8.1: Update to version 12.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** Cisco FirePOWER Services Software for ASA (affected versions not specified) **Description** The issue is related to improper handling of undefined command parameters in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module. This could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. The attacker must have administrative access to the Cisco ASA to exploit this vulnerability. The vulnerability can be exploited by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Adaptive Security Device Manager (ASDM) (affected versions not specified) **Description** A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware Tools for Windows versions 10.x.y through 12.0.0 **Description** The issue is related to an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. **Recommendations** For versions 10.x.y through 12.0.0, consider disabling the XML parsing functionality until a patch is available. As a temporary workaround, restrict access to the VMware Tools to minimize the risk of exploitation. Avoid using the vulnerable XML functionality in the affected Windows guest OS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ADSelfService Plus versions prior to 6122 **Description** The issue allows a remote authenticated administrator to execute arbitrary operating system commands as SYSTEM via the policy custom script feature. This can be exploited due to the use of a default administrator password, making it easier for attackers to abuse this functionality. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field, specifically the `password` field. This vulnerability can be exploited when a certain password sync feature is enabled, which uses passwords as script arguments, allowing for remote code execution via executable CMD.EXE input. **Recommendations** For versions prior to 6122, update to a version that includes the fix for this issue, specifically build 6122 or later, to prevent remote code execution. As a temporary workaround, consider disabling the policy custom script feature until a patch is available. Restrict access to the password sync feature that uses passwords as script arguments to minimize the risk of exploitation. Avoid using the `password` field in the custom script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Endpoint Configuration Manager (affected versions not specified) **Description** The issue is related to insufficient access control in the Microsoft Endpoint Configuration Manager, part of the Microsoft Windows operating system. This can allow an attacker to elevate their privileges. The vulnerability may be exploited to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Device Manager (ASDM) (affected versions not specified) **Description** The issue is related to insufficient protection of registration data in the logging component of Cisco Adaptive Security Device Manager (ASDM). This could allow an authenticated, local attacker to view sensitive information in clear text on an affected system, specifically when Cisco ADSM is deployed in a shared workstation environment. The vulnerability is due to the storage of unencrypted credentials in certain logs, which an attacker could exploit by accessing the logs on an affected system, potentially allowing them to view the credentials of other users of the shared device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall SMA 100 Appliances version 10.2.0.8-37sv SonicWall SMA 100 Appliances version 10.2.1.1-19sv SonicWall SMA 100 Appliances version 10.2.1.2-24sv SonicWall SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions **Description** A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. **Recommendations** For SonicWall SMA 100 Appliances version 10.2.0.8-37sv, update to a version later than 10.2.0.8-37sv. For SonicWall SMA 100 Appliances version 10.2.1.1-19sv, update to a version later than 10.2.1.1-19sv. For SonicWall SMA 100 Appliances version 10.2.1.2-24sv, update to a version later than 10.2.1.2-24sv. For SonicWall SMA 200, 210, 400, 410 and 500v appliances, update to a firmware version later than 10.2.1.2-24sv. As a temporary workaround, consider disabling the mod cgi module in the Apache httpd server until a patch is available.

Name of the Vulnerable Software and Affected Versions: PC Worx Automation Suite of Phoenix Contact versions up to 1.88 Description: The issue is related to improper input validation, which could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. Recommendations: For versions up to 1.88, consider updating to a version that includes a fix for this issue, as no specific workaround or mitigation measures are provided in the available information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Device Manager (ASDM) Launcher (affected versions not specified) **Description** A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and the Launcher. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position on the network to intercept the traffic between the Launcher and the ASDM and then inject arbitrary code. A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher. A successful exploit may require the attacker to perform a social engineering attack to persuade the user to initiate communication from the Launcher to the ASDM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.