Sign-up

VARIoT news about IoT security

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability

Trust: 3.0

Fetched: Aug. 25, 2023, 9:13 a.m., Published: Aug. 23, 2023, 3:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series switches
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 3000
vendor: cisco model: 1000v
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus 9000
vendor: cisco model: cisco nx-os
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: series
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus 1000v
vendor: cisco model: nexus

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability

Trust: 5.0

Fetched: Aug. 25, 2023, 9:12 a.m., Published: Aug. 23, 2023, 3:48 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: fxos
vendor: cisco model: ucs 6324
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 3000
vendor: cisco model: 1000v
vendor: cisco model: firepower
vendor: cisco model: firepower 9300
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus 9000
vendor: cisco model: cisco nx-os
vendor: cisco model: series
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus 1000v
vendor: cisco model: nexus

Positive Technologies helps fix dangerous vulnerability in Western Digital's network attached storage devices

Trust: 5.25

Fetched: Aug. 25, 2023, 9:11 a.m., Published: Aug. 25, 2067, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-22815

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Trust: 3.75

Fetched: Aug. 23, 2023, 9:17 a.m., Published: Aug. 21, 2023, 11:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-24489

23-036 (August 22, 2023) - Threat Encyclopedia

Related entries in the VARIoT vulnerabilities database: VAR-201904-1069, VAR-202008-0248

Trust: 4.5

Fetched: Aug. 23, 2023, 9:16 a.m., Published: Aug. 22, 2023, midnight
 Vulnerabilities: denial of service, local file inclusion, file inclusion...
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: solarwinds model: network performance monitor
db: NVD ids: CVE-2023-1183, CVE-2023-32535, CVE-2018-16855, CVE-2022-43769, CVE-2019-0199, CVE-2023-27372, CVE-2022-43939, CVE-2023-33157, CVE-2023-38204, CVE-2020-1472, CVE-2022-47504, CVE-2023-24955, CVE-2023-34225, CVE-2023-23969

Update now! WinRAR files can be abused to run malware

Trust: 4.75

Fetched: Aug. 23, 2023, 9:16 a.m., Published: Aug. 22, 2023, 6:58 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-40477

DSA-2023-247: Dell ThinOS Security Update for Multiple Vulnerabilities | Dell Polska

Trust: 4.5

Fetched: Aug. 23, 2023, 9:14 a.m., Published: Sept. 3, 2102, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: wyse 5070
vendor: dell model: latitude
db: NVD ids: CVE-2023-32446, CVE-2023-32455, CVE-2023-32447

Threat actors actively exploiting critical flaw in NetScaler ADC devices | CSO Online

Trust: 3.0

Fetched: Aug. 23, 2023, 9:14 a.m., Published: July 24, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-3519

What is a Relay Attack (with examples) and How Do They Work?

Trust: 3.75

Fetched: Aug. 20, 2023, 9:24 a.m., Published: Jan. 31, 2019, 1:03 p.m.
 Vulnerabilities: replay attack
Affected productsExternal IDs
vendor: tesla model: model

Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

Trust: 5.0

Fetched: Aug. 20, 2023, 9:23 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: expressway
vendor: cisco model: cisco expressway
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco telepresence video communication server
vendor: cisco model: telepresence
vendor: cisco model: telepresence video communication server
vendor: cisco model: expressway series
vendor: cisco model: series

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Trust: 3.25

Fetched: Aug. 20, 2023, 9:23 a.m., Published: Aug. 19, 2023, 7:38 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36847, CVE-2023-36844, CVE-2023-36845, CVE-2023-36846

Hackers exploiting RCE vulnerability in NetScaler, Gateway devices to implant webshells, CISA warns - Industrial Cyber

Trust: 5.5

Fetched: Aug. 20, 2023, 9:22 a.m., Published: July 21, 2023, 12:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2023-3519

Armis and Honeywell jointly disclose “Crit.IX” | Armis

Trust: 3.5

Fetched: Aug. 20, 2023, 9:21 a.m., Published: July 14, 2023, 6:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: honeywell model: experion process knowledge system
vendor: honeywell model: experion

AXIS A1001 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202307-2464

Trust: 5.75

Fetched: Aug. 20, 2023, 9:21 a.m., Published: March 7, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: axis communications model: axis a1001
vendor: axis communications model: communications
vendor: axis communications model: a1001
vendor: axis model: axis a1001
vendor: axis model: communications
vendor: axis model: a1001
db: NVD ids: CVE-2023-21406

Ivanti patches zero-day vulnerability in its Endpoint Manager Mobile software

Trust: 4.25

Fetched: Aug. 20, 2023, 9:20 a.m., Published: July 25, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2020-1550, CVE-2023-35078

CVE-2023-35082 - Vulnerability affecting EPMM and MobileIron Core | Ivanti

Trust: 3.0

Fetched: Aug. 20, 2023, 9:20 a.m., Published: Aug. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35082

Get vulnerability by ID | Microsoft Learn

Trust: 3.0

Fetched: Aug. 20, 2023, 9:18 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2019-0608

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

Trust: 4.5

Fetched: Aug. 20, 2023, 9:18 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: cross-site request forgery, request forgery
Affected productsExternal IDs
vendor: cisco model: 8831
vendor: cisco model: ip phone
vendor: cisco model: ip conference phone
vendor: cisco model: series

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS | Microsoft Security Blog

Trust: 5.25

Fetched: Aug. 20, 2023, 9:17 a.m., Published: Aug. 11, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, replay attack...
Affected productsExternal IDs
vendor: wago model: wago pfc200
vendor: wago model: pfc200
vendor: codesys model: runtime
vendor: codesys model: control
vendor: codesys model: codesys
db: NVD ids: CVE-2019-9013

Citrix zero-day vulnerability under attack - Security - iTnews

Trust: 5.75

Fetched: Aug. 20, 2023, 9:17 a.m., Published: Aug. 7, 2023, midnight
 Vulnerabilities: code execution, privilege escalation, cross-site scripting
Affected productsExternal IDs
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-3467, CVE-2023-3519, CVE-2023-3466