Nikita Abramov

Name of the Vulnerable Software and Affected Versions: OnCell G3470A-LTE Series firmware versions v1.7.7 and prior Description: The issue is related to the use of uncontrolled format strings, which can be exploited by a remote attacker to cause a denial of service. An attacker could modify an externally controlled format string to cause a memory leak. Recommendations: For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider restricting the acceptance of format strings from external sources as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OnCell G3470A-LTE Series firmware versions v1.7.7 and prior **Description** The issue is related to missing bounds checking on buffer operations, which could allow an attacker to write past the boundaries of allocated buffer regions in memory, causing a program crash. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider applying configuration changes to restrict access to buffer operations until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OnCell G3470A-LTE Series firmware versions v1.7.7 and prior **Description** The issue is related to a lack of neutralized inputs in the IPSec configuration, allowing an attacker to modify intended commands sent to target functions. This could enable malicious users to execute unauthorized commands by sending specially crafted network requests. **Recommendations** For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider updating to a version that addresses the lack of neutralized inputs in IPSec configuration to prevent unauthorized command execution. As a temporary workaround, restrict access to the IPSec configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OnCell G3470A-LTE Series firmware versions v1.7.7 and prior **Description** The issue is related to a lack of neutralized inputs in the web key upload function, allowing an attacker to modify intended commands sent to target functions. This could enable malicious users to execute unauthorized commands. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by sending specially crafted network requests. **Recommendations** For OnCell G3470A-LTE Series firmware versions v1.7.7 and prior, consider disabling the web key upload function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of unauthorized command execution. Avoid using the web key upload function in the affected firmware versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the ArubaOS web-based management interface. This vulnerability allows a remote attacker to read arbitrary files in the underlying operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS (affected versions not specified) **Description** The issue exists in the ArubaOS web-based management interface, where authenticated remote command injection is possible. This allows an attacker to execute arbitrary commands as a privileged user on the underlying operating system, potentially leading to full compromise of the operating system on the device running ArubaOS. The vulnerability is due to the lack of neutralization of special elements used in the operating system command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS (affected versions not specified) **Description** The issue exists due to the lack of neutralization of special elements used in operating system commands in the ArubaOS web-based management interface. This allows a remote attacker to execute arbitrary commands as a privileged user on the underlying operating system, potentially fully compromising the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArubaOS (affected versions not specified) **Description** The issue is related to an authenticated path traversal vulnerability in the ArubaOS web-based management interface. This vulnerability allows for the deletion of arbitrary files in the underlying operating system. The vulnerability is associated with incorrect restriction of directory path names with limited access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel GS1920-24v2 firmware versions prior to V4.70(ABMH.8)C0 Zyxel GS1350, GS1915, GS1920, GS2220 (affected versions not specified) **Description** The issue is related to an improper check for unusual or exceptional conditions in the HTTP request processing function, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. **Recommendations** For Zyxel GS1920-24v2 firmware versions prior to V4.70(ABMH.8)C0, update to V4.70(ABMH.8)C0 or later to resolve the issue. For Zyxel GS1350, GS1915, GS1920, GS2220, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zyxel ATP series versions 4.32 through 5.35 Zyxel USG FLEX series versions 4.50 through 5.35 Zyxel USG FLEX 50(W) versions 4.16 through 5.35 Zyxel USG20(W)-VPN versions 4.16 through 5.35 Zyxel VPN series versions 4.30 through 5.35 Zyxel NWA110AX versions 6.50(ABTG.2) and earlier Zyxel WAC500 versions 6.50(ABVS.0) and earlier Zyxel WAX510D versions 6.50(ABTF.2) and earlier **Description** The issue is related to a post-authentication information exposure vulnerability in the CGI program of the affected Zyxel devices. This vulnerability could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. The vulnerability is associated with inadequate access restrictions to personal information. **Recommendations** For Zyxel ATP series versions 4.32 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG FLEX series versions 4.50 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG FLEX 50(W) versions 4.16 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel USG20(W)-VPN versions 4.16 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel VPN series versions 4.30 through 5.35, update to a version outside of this range to resolve the issue. For Zyxel NWA110AX versions 6.50(ABTG.2) and earlier, update to a version later than 6.50(ABTG.2) to resolve the issue. For Zyxel WAC500 versions 6.50(ABVS.0) and earlier, update to a version later than 6.50(ABVS.0) to resolve the issue. For Zyxel WAX510D versions 6.50(ABTF.2) and earlier, update to a version later than 6.50(ABTF.2) to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Western Digital My Cloud OS 5 versions prior to 5.26.300 **Description** The issue is related to a post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices. This could allow an attacker to execute code in the context of the root user on vulnerable CGI files. The vulnerability can only be exploited over the network and requires the attacker to already have admin/root privileges. An authentication bypass is necessary for this exploit, making it more complex. The attack may not require user interaction. Given that an attacker must already be authenticated, the confidentiality impact is low, while the integrity and availability impact is high. **Recommendations** For Western Digital My Cloud OS 5 versions prior to 5.26.300, update to version 5.26.300 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable CGI files until a patch is applied. Additionally, ensure that admin/root privileges are tightly controlled to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BIG-IP versions 13.1.x BIG-IP versions 14.1.x through 14.1.5.0 BIG-IP versions 15.1.x through 15.1.6.0 BIG-IP versions 16.1.x through 16.1.3.0 BIG-IP versions 17.0.x through 17.0.0.0 **Description** The issue is related to a buffer over-read in BIG-IP when an LTM monitor or APM SSO is configured on a virtual server and NTLM challenge-response is in use. This can cause undisclosed traffic to lead to a buffer over-read, potentially allowing a remote attacker to gain unauthorized access to protected information. **Recommendations** For BIG-IP version 13.1.x, there is no information about a newer version that contains a fix for this vulnerability. For BIG-IP versions 14.1.x through 14.1.5.0, update to version 14.1.5.1 or later. For BIG-IP versions 15.1.x through 15.1.6.0, update to version 15.1.6.1 or later. For BIG-IP versions 16.1.x through 16.1.3.0, update to version 16.1.3.1 or later. For BIG-IP versions 17.0.x through 17.0.0.0, update to version 17.0.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** ASUSTOR Data Master (ADM) versions 3.5.9.RUE3 and below ASUSTOR Data Master (ADM) versions 4.0.5.RVI1 and below ASUSTOR Data Master (ADM) versions 4.1.0.RJD1 and below **Description** A stack-based buffer overflow vulnerability was found in ASUSTOR Data Master (ADM) when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. **Recommendations** For versions 3.5.9.RUE3 and below, update to a version above 3.5.9.RUE3 to resolve the issue. For versions 4.0.5.RVI1 and below, update to a version above 4.0.5.RVI1 to resolve the issue. For versions 4.1.0.RJD1 and below, update to a version above 4.1.0.RJD1 to resolve the issue. As a temporary workaround, consider disabling WebDAV until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) **Description** The issue is caused by insufficient bounds checking when parsing specific HTTP authentication messages, leading to a heap overflow in the Clientless SSL VPN component of Cisco Adaptive Security Appliance (ASA) Software. This could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. The attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal to send malicious traffic to an affected device acting as a VPN Gateway. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HPE OneView versions prior to 6.6 **Description** The issue is related to authentication errors in the HPE OneView IT infrastructure management system. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information. A local unauthorized read access to files vulnerability was discovered, which can be resolved with a software update provided by HPE. **Recommendations** For HPE OneView versions prior to 6.6, update to version 6.6 or later to resolve the vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HPE OneView versions prior to 6.6 **Description** A local authentication restriction bypass issue was found, related to weaknesses in the authentication procedure. This could allow an attacker to bypass existing security restrictions. HPE has provided a software update to resolve this issue. **Recommendations** For versions prior to 6.6, update to version 6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of HPE OneView until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** HPE iLO Amplifier Pack versions prior to 2.12 **Description** The issue is related to buffer overflow security vulnerabilities in the HPE iLO Amplifier Pack, which could allow a highly privileged user to remotely execute code, leading to a loss of confidentiality, integrity, and availability. The exploitation of this issue may impact the privacy, integrity, and availability of protected information. **Recommendations** For HPE iLO Amplifier Pack versions prior to 2.12, update to version 2.12 or later to resolve the vulnerability. As a temporary workaround, consider restricting access to the HPE iLO Amplifier Pack to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified) Cisco Firepower Threat Defense (FTD) Software (affected versions not specified) **Description** A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. The estimated number of potentially affected devices worldwide is 242,070, according to Shodan. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web services interface to minimize the risk of exploitation. Avoid using the vulnerable web services interface until the issue is resolved. To prevent exploitation, it is recommended to apply the update provided by Cisco.

Name of the Vulnerable Software and Affected Versions: Zoom On-Premise Meeting Connector Controller versions prior to 4.6.358.20210205 Description: The Zone Controller service does not verify the `cnt` field sent in incoming network packets, leading to exhaustion of resources and system crash. Recommendations: For versions prior to 4.6.358.20210205, update to version 4.6.358.20210205 or later to resolve the issue. As a temporary workaround, consider restricting incoming network packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco Firepower Device Manager On-Box Software (affected versions not specified) **Description** The issue is related to the REST API of Cisco Firepower Device Manager On-Box Software, where insufficient sanitization of user input on specific REST API commands could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. An attacker could exploit this by sending a crafted HTTP request to the API subsystem. To exploit, an attacker would need valid low-privileged user credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.