MidnightBSD

Advisories for raritan

CVE-2005-2136 MEDIUM

Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
raritan dominion_sxa-48_firmware -
raritan dominion_sx16_firmware -
raritan dominion_sx8_firmware -
raritan dominion_sx32_firmware 2.4.6
raritan dominion_sx4_firmware -
CVE-2014-2955 HIGH

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
raritan px *
raritan px 1.0.4
raritan px 1.3.1
raritan px 1.2.7
raritan px 1.4.1
raritan px 1.5.7
raritan px 1.3
raritan dpxr20a-16 -
raritan px 1.0
raritan px 1.5.4
raritan px 1.1.6
raritan px 1.2.5
raritan px 1.3.5
raritan px 1.1
raritan px 1.2
raritan px 1.5
CVE-2014-3901 HIGH

Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
raritan dominion_kx_ii-101_firmware -
CVE-2014-9095 HIGH

Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
raritan power_iq 4.2.1
raritan power_iq 4.1.0
CVE-2018-20687 HIGH

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,

Products Affected

Vendor Product Version
raritan commandcenter_secure_gateway *