Skip to content

InesMartins31/iot-cves

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IoT CVE

The following repository represents an abnormal data collection strategy for a security system in IoT. Based on a detailed risk assessment and collaboration with domain experts, the data collection framework should analyze patterns to spot potential threats and points of failure. Obtaining valid, representative, and accurate data that reflects the context and environment is critical to building an IDS fit for exploitation.

This procedure is detailed in the article, published in Future Generation Computer Systems, entitled:

Host-based IDS: a review and open issues of an anomaly detection system in IoT

https://doi.org/10.1016/j.future.2022.03.001

Real-time host-based dataset

By instancing an intrusion detection task as an anomaly detection problem, the dataset consists of expected behavior, regular system interactions, and abnormal events interpreted as threats, software errors, and vulnerabilities that can compromise the entire infrastructure. Therefore, in order to reproduce an online and incremental framework, the anomalies will be injected into the working system to evaluate its performance regarding the false alarm rates, false-negative rates, and delay between the incoming threat and its report times.

In this repository, a list of CVE, Common Vulnerabilities and Exposures, is indexed according to its attack type, identification, hardware/software required to run the exploitation, as well as a brief description. Each identification connects to another page depicting the main topics, such as the official website, the software/hardware requirements, and the instruction to execute the CVE.


Attack type CVE Hardware / Software Description
Access Control Bypass CVE-2019-13188 Knowage
(FIWARE)
In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application
Buffer overflow / UAF CVE-2018-1000030 Python Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free.
The vulnerability lies when multiply threads are handling large amounts of data.
Disclosure of information about datasources including access passwords CVE-2019-13348 Knowage
(FIWARE)
An authenticated user who accesses the
datasources page will gain access to any data
source credentials in cleartext, which includes databases.
DoS CVE-2020-9283 SSH (Go) golang.org/x/crypto before
v0.0.0-20200220183623-bac4c82f6975
allows a malicious user to cause a panic
on an SSH server.
DoS CVE-2020-6060 MiniSNMPD A stack buffer overflow vulnerability exists
in the way MiniSNMPD version 1.4 handles
multiple connections. A specially timed
sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service.
DoS CVE-2019-17498 Libssh2 Libssh2 up to version 1.9.0 contains a remotely
triggerable out-of-bounds read, leading to denial of service or potentially to information disclosure.
DoS CVE-2019-16279 nhttpd A memory error in the function SSL_accept allows an attacker to trigger a denial of service via a crafted HTTP request.
DoS CVE-2019-13115 Libssh2 Libssh2 up to version 1.8.2 contains a remotely
triggerable out-of-bounds read, potentially leading
to information disclosure.
DoS (Out-of-Bounds read) CVE-2018-7182 NTP The ctl_getitem method in ntpd in ntp-4.2.8p6
before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance.
Improper file access CVE-2018-8712 Webmin Due to weak default configuration settings,
limited users have full access rights to the underlying system files, allowing the user to read sensitive data from the local system.
MitM CVE-2019-6110 / CVE-2019-6111 SCP - Secure Copy
(openssh-clients package)
Vulnerability in OpenSSH that allows overwrite
in files and could possible send more responses
than required by user.
Password Hash Disclosure CVE-2019-13349 Knowage
(FIWARE)
An authenticated user that accesses the users
page will obtain all user password hashes.
Path traversal CVE-2018-12015 Perl Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files.
Privilege escalation CVE-2019-14287 Sudo An attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and
session PAM modules, and can cause incorrect
logging, by invoking sudo with a crafted user ID.
Privilege escalation CVE-2019-9891 - The function getopt_simple as described in Advanced Bash Scripting Guide allows privilege escalation and execution of commands when used in a shell script.
Privilege escalation CVE-2019-8320 Ruby A Directory Traversal issue was discovered in RubyGems allowing to delete arbitrary files.
Privilege escalation / RCE CVE-2019-5736 Docker The vulnerability allows a malicious container (with minimal user interaction) to overwrite the host
runc binary and thus gain root-level code execution on the host.
Privilege escalation CVE-2018-10933 SSH The libssh, a multiplatform library that supports
the SSH protocol, allows attackers to bypass authentication and gain full control over vulnerable servers.
Privilege escalation
(Buffer overflow)
CVE-2019-18634 Sudo A heap buffer overflow that leads to privilege
escalation on sudo <=1.8.25.
RCE CVE-2020-7246 qdPM qdPM version 9.1 suffers from a remote code
execution vulnerability.
RCE CVE-2019-16278 nhttpd Directory Traversal in the function http_verify allows an attacker to achieve remote code execution via a crafted HTTP request.
RCE CVE-2019-15642 Webmin Webmin allows authenticated Remote Code
Execution via a crafted object.
RCE CVE-2019-15107 Webmin The parameter old in password_change.cgi
contains a command injection vulnerability.
RCE CVE-2019-12840 Webmin Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges.
RCE CVE-2019-11043 PHP-FPM In certain configurations of FPM setup it is possible to cause FPM module to write past allocated
buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote
code execution. In certain nginx + PHP-FPM configurations, the bug is possible to trigger from the outside.
RCE CVE-2019-9624 Webmin Allows remote attackers to execute arbitrary
code by leveraging privileges to upload a crafted
.cgi file via the /updown/upload.cgi URI.
RCE CVE-2019-7731 MyWebSQL MyWebSQL 3.7 has a remote code execution
vulnerability after an attacker writes shell code
into the database, and executes the Backup Database function with a .php filename for the backup's archive file
SQL
Injection
CVE-2020-9340 eLection fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandidat.php id parameter.
SQL
Injection
CVE-2020-9268 SO Planning SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring.
Unauthorized File
Read
CVE-2020-1938 Apache
Tomcat
The AJP protocol is enabled by default allowing
untrusted clients to read web application files.
User enumeration CVE-2018-15473 OpenSSH Vulnerability that could allow a remote attacker to determine if a user with the given name exists in
the system.
XSS CVE-2019-13189 Knowage
(FIWARE)
Knowage before 6.4 has Cross-site Scripting via
the ChangePwdServlet page, the parameters of
start_url and user_id are vulnerable
XXE CVE-2019-15641 Webmin Authenticated XXE allowing to retrieve local
file or discover internal networks with root rights.

Fundings

  • The work of Inês Martins has been supported by Fundação para a Ciência e Tecnologia FCT, Portugal - 2021.04908.BD and partially funded by the SafeCities POCI-01-0247-FEDER-041435 project through COMPETE 2020 program.

  • The work of João S. Resende has been supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe.

  • The work of Patrícia R. Sousa has been supported by the Project “City Catalyst – Catalisador para cidades sustentáveis”, with reference POCI-01-0247-FEDER-046112, financed by Fundo Europeu de Desenvolvimento Regional (FEDER), through COMPETE 2020 and Portugal 2020 programs.

  • The work of Simão Silva was partially funded by the SafeCities POCI-01-0247-FEDER-041435 project through COMPETE 2020 program.

  • The work of Luís Antunes has been supported by the Project “CNCS - Centro Nacional de Cibersegurança - Serviço de Gestão Alargada do Conhecimento Situacional e Operacional do Ciberespaço Nacional”, with reference POCI-05-5762-FSE-000229, financed by Agência para a Modernização Administrativa.

  • The work of João Gama was partially supported by the European Commission-funded project Humane AI: Toward AI Systems That Augment and Empower Humans by Understanding Us, our Society and the World Around Us (grant # 820437).

All the supports mentioned above are gratefully acknowledged.