Sign-up

VARIoT news about IoT security

Critical Severity Vulnerability in Fortinet Fortigate SSL-VPN Devices - Australian Cyber Security Magazine

Trust: 6.0

Fetched: Aug. 1, 2023, 9:14 a.m., Published: June 14, 2023, 1:18 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

CVE-2023-35078 - New Ivanti EPMM Vulnerability

Trust: 3.25

Fetched: Aug. 1, 2023, 9:14 a.m., Published: July 24, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

Code Execution Vulnerability Impacts 900k MikroTik Devices - SecurityWeek

Trust: 4.5

Fetched: Aug. 1, 2023, 9:13 a.m., Published: July 26, 2023, 11:48 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: routeros
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: snort model: snort
db: NVD ids: CVE-2023-30799

Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability - Cisco

Trust: 4.75

Fetched: Aug. 1, 2023, 9:13 a.m., Published: May 3, 2023, 11:11 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: spa112 2-port phone adapter
vendor: cisco model: router
vendor: cisco model: spa122
vendor: cisco model: spa112

Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435) - Help Net Security

Trust: 5.5

Fetched: Aug. 1, 2023, 9:12 a.m., Published: June 22, 2023, 10:23 a.m.
 Vulnerabilities: memory corruption, integer overflow, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2023-32435, CVE-2023-32439, CVE-2023-32434

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Trust: 5.0

Fetched: July 28, 2023, 9:13 a.m., Published: July 24, 2023, 9:10 a.m.
 Vulnerabilities: remote command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-38408, CVE-2023-25136

Patch now! Ivanti Endpoint Manager Mobile Authentication vulnerability used in the wild

Trust: 4.75

Fetched: July 28, 2023, 9:13 a.m., Published: July 27, 2023, 3:16 p.m.
 Vulnerabilities: authentication vulnerability, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

Vulnerability in QVPN Device Client for Windows - Security Advisory | QNAP (UK)

Trust: 3.25

Fetched: July 28, 2023, 9:12 a.m., Published: May 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27595

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

Trust: 4.75

Fetched: July 26, 2023, 9:13 a.m., Published: July 26, 2023, 5:02 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: mikrotik model: routers
vendor: mikrotik model: router
vendor: mikrotik model: winbox
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: routeros
vendor: snort model: snort
db: NVD ids: CVE-2023-30799

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Trust: 4.0

Fetched: July 26, 2023, 9:13 a.m., Published: July 25, 2023, 3:51 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078 | CISA

Trust: 3.0

Fetched: July 26, 2023, 9:13 a.m., Published: Nov. 11, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability - Blog | Tenable®

Trust: 4.75

Fetched: July 26, 2023, 9:12 a.m., Published: July 25, 2023, 2:08 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

Update now! Apple fixes several serious vulnerabilities

Trust: 4.75

Fetched: July 26, 2023, 9:12 a.m., Published: July 25, 2023, 5:26 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: safari
db: NVD ids: CVE-2023-32416, CVE-2023-32409, CVE-2023-38606, CVE-2023-37450

About the security content of iOS 16.6 and iPadOS 16.6 - Apple Support

Trust: 5.5

Fetched: July 26, 2023, 9:11 a.m., Published: July 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: trend micro model: security
db: NVD ids: CVE-2023-38424, CVE-2023-32441, CVE-2023-38606, CVE-2023-32381, CVE-2023-38600, CVE-2023-37450, CVE-2023-32734, CVE-2023-38603, CVE-2023-38593, CVE-2023-38133, CVE-2023-38572, CVE-2023-38565, CVE-2023-38594, CVE-2023-38611, CVE-2023-38580, CVE-2023-32433, CVE-2023-38597, CVE-2023-38595, CVE-2023-38425, CVE-2023-35993, CVE-2023-32437, CVE-2023-38136, CVE-2023-38261, CVE-2023-38410, CVE-2023-32416

AMD ‘Zenbleed’ bug can be exploited to leak passwords from Ryzen CPUs - The Verge

Trust: 3.0

Fetched: July 26, 2023, 9:11 a.m., Published: July 25, 2023, 11:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-20593

Apple fixes two new actively exploited zero-days

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 3.75

Fetched: July 25, 2023, 9:13 a.m., Published: July 25, 2023, 8:48 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: webkit
db: NVD ids: CVE-2023-32434, CVE-2023-28206, CVE-2023-28204, CVE-2023-28205, CVE-2023-32435, CVE-2023-32439, CVE-2023-23529, CVE-2023-32373, CVE-2023-32409, CVE-2023-37450, CVE-2023-38606

Ivanti patches MobileIron zero-day bug exploited in attacks

Trust: 3.75

Fetched: July 25, 2023, 9:12 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

CISA: You've got two weeks to patch Citrix NetScaler vulnerability CVE-2023-3519

Trust: 5.5

Fetched: July 23, 2023, 9:34 a.m., Published: July 21, 2023, 12:47 p.m.
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-3519

IoC scan scope in the registry

Trust: 3.25

Fetched: July 23, 2023, 9:24 a.m., Published: -
 Vulnerabilities: file execution
Affected productsExternal IDs

Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 3.75

Fetched: July 23, 2023, 9:08 a.m., Published: July 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771