Jim Becher

**Name of the Vulnerable Software and Affected Versions** Apache PERL (affected versions not specified) **Description** An authenticated, read-only user can upload a file and perform a directory traversal to place the uploaded file in a location of their choosing. This can be used to overwrite existing PERL modules within the application, potentially leading to remote code execution (RCE) by an attacker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** An API endpoint intended for web application administrators is accessible to lower-level read-only users. This allows unauthorized export of the appliance configuration, potentially exposing sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** An API endpoint intended for web application administrators is accessible to lower-level read-only users. This allows unauthorized access to appliance configuration import functionality, potentially enabling an attacker to gain administrative privileges. The vulnerable `API endpoint` allows control over the appliance configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xormon Original (affected versions not specified) **Description** An authenticated, read-only user can terminate any processes running on the virtual appliance as the `lpar2rrd` user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. (affected versions not specified) **Description** An API endpoint intended for web application administrators is accessible to lower-level read-only users. This allows unauthorized download of appliance configuration logs, potentially exposing sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Checkmk NagVis component (affected versions not specified) **Description** The NagVis component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Checkmk (affected versions not specified) **Description** The issue concerns the "NagVis" component within Checkmk, which is susceptible to remote code execution. An authenticated attacker with administrative level privileges can upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica Proxy (affected versions not specified) **Description** The issue allows services running and bound to the loopback interface on the Artica Proxy to be accessible through the proxy service. Specifically, the `tailon` service, which runs as the root user and listens on TCP port 7050, can be used to view the contents of any file on the Artica Proxy. Security issues related to exposing this network service are documented on gvalkov's `tailon` GitHub repository. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artica Proxy (affected versions not specified) **Description** The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type (affected versions not specified) **Description** A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate privileges to root on an affected device. This issue is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this by authenticating to the device and using crafted commands at the prompt, potentially allowing the execution of arbitrary commands as root. The attacker must have valid credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type (affected versions not specified) **Description** A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This issue is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using `sudo`. A successful exploit could allow the attacker to view arbitrary files as `root` on the underlying operating system. The attacker must have valid credentials on the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that involves Unauthenticated API Endpoints. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider restricting access to the API endpoints as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that allows Directory Traversal through the API. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, update to a version later than 1.7.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue in the Web Application of the CommScope Ruckus IoT Controller allows authenticated users to perform arbitrary read/write actions. The API endpoint allows an HTTP POST request to write arbitrary content into any file on the filesystem with root privileges. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider restricting access to the API endpoint that allows arbitrary file writes until a patch is available. As a temporary workaround, limit the privileges of authenticated users to prevent them from performing arbitrary read/write actions on the filesystem.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered that involves hard-coded system passwords, which provide shell access. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider changing the hard-coded system passwords to unique, strong passwords to prevent unauthorized shell access. As a temporary workaround, restrict access to the shell to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered where hard-coded web application administrator passwords exist for the `admin` and `nplus1user` accounts. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, consider changing the hard-coded passwords for the `admin` and `nplus1user` accounts to unique, strong passwords as a temporary mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue was discovered where hard-coded API keys exist. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, update to a version that addresses the issue of hard-coded API keys.

**Name of the Vulnerable Software and Affected Versions** CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier **Description** An issue exists in the CommScope Ruckus IoT Controller, where an undocumented backdoor allows shell access via a developer account. This backdoor enables unauthorized access, potentially leading to further exploitation. **Recommendations** For CommScope Ruckus IoT Controller versions 1.7.1.0 and earlier, as a temporary workaround, consider disabling developer account access until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

🚨 CVE-2020-28334 Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell. 🎖@cveNotify

**Name of the Vulnerable Software and Affected Versions** Barco wePresent WiPG-1600W version 2.5.1.8 **Description** The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions, instead using a `SEID` token appended to URLs in GET requests. This `SEID` token can be exposed in web proxy logs and browser history. An attacker who captures the `SEID` and originates requests from the same IP address can access the device's user interface without knowing the credentials. **Recommendations** For version 2.5.1.8, as a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using the `SEID` token in GET requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.