VARIoT latest news about IoT security

Top Trending CVEs of March 2023 \| NopSec Trust: 4.5 Fetched: May 3, 2023, 9:15 a.m., Published: March 30, 2023, 4:22 p.m.	Vulnerabilities: privilege escalation, code execution, buffer overflow...

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	vivo	model:	modems
vendor:	vivo	model:	modem
vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	exynos

db:

NVD

ids:

CVE-2023-26497, CVE-2023-23415, CVE-2023-23392, CVE-2023-26498, CVE-2023-26496, CVE-2023-23397, CVE-2023-24033

Cisco TelePresence Collaboration Endpoint and RoomOS Arbitrary File Write Vulnerabilities Trust: 5.5 Fetched: May 3, 2023, 9:14 a.m., Published: April 19, 2023, 3:47 p.m.	Vulnerabilities: privilege escalation, file overwrite vulnerability, improper access control...

Affected products

External IDs

vendor:	cisco	model:	dx80
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	telepresence mx series
vendor:	cisco	model:	series
vendor:	cisco	model:	webex
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	telepresence sx series
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	telepresence ce
vendor:	cisco	model:	roomos
vendor:	cisco	model:	dx70

db:

NVD

ids:

CVE-2023-20092, CVE-2023-20090, CVE-2023-20004, CVE-2023-20094, CVE-2023-20093, CVE-2023-20091

Microsoft Teams Rooms security - Microsoft Teams \| Microsoft Learn Trust: 3.75 Fetched: May 3, 2023, 9:14 a.m., Published: April 18, 2023, midnight	Vulnerabilities: default password

Affected products

External IDs

vendor:

google

model:

android

Cisco Cyber Vision Data Sheet - Cisco Trust: 3.5 Fetched: May 2, 2023, 9:22 a.m., Published: April 24, 2023, 1:24 p.m.	Vulnerabilities: default password

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	cisco integrated management controller
vendor:	cisco	model:	integrated management controller
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	series
vendor:	cisco	model:	ic3000
vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	series switch
vendor:	cisco	model:	ucs director
vendor:	cisco	model:	routers
vendor:	cisco	model:	firepower
vendor:	cisco	model:	ucs performance manager
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco	model:	cisco imc supervisor
vendor:	cisco	model:	series routers
vendor:	cisco	model:	router
vendor:	cisco	model:	imc supervisor
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ucs director
vendor:	cisco	model:	cisco ic3000 industrial compute gateway
vendor:	cisco	model:	ic3000 industrial compute gateway
vendor:	cisco	model:	ucs central software
vendor:	cisco	model:	umbrella

CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability - Blog \| Tenable® Trust: 5.5 Fetched: May 2, 2023, 9:22 a.m., Published: April 21, 2023, 2:04 p.m.	Vulnerabilities: os command injection, directory traversal, command injection...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-31706, CVE-2023-20864, CVE-2023-20865, CVE-2022-31710

Hackers can open Nexx garage doors remotely, and there's no fix Trust: 5.0 Fetched: May 2, 2023, 9:21 a.m., Published: -	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1749, CVE-2023-1748, CVE-2023-1751, CVE-2023-1752, CVE-2023-1750

Full Disclosure: Security vulnerabilities in Telit Cinterion IoT (formerly Thales) devices Trust: 3.5 Fetched: May 2, 2023, 9:19 a.m., Published: May 2, 2020, midnight	Vulnerabilities: path traversal, code execution, privilege elevation

Affected products

External IDs

db:

NVD

ids:

CVE-2020-15858

Fortinet FortiOS and Fortiproxy Vulnerability \| CVE-2023-25610 - YouTube Trust: 3.0 Fetched: May 2, 2023, 9:19 a.m., Published: March 9, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-25610

Mirai botnet hackers targeting TP-Link router zero-day vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202303-1268 Trust: 3.75 Fetched: May 2, 2023, 9:18 a.m., Published: April 25, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

tp-link

model:

routers

db:

NVD

ids:

CVE-2023-1389

US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-201707-0964 Trust: 3.75 Fetched: May 2, 2023, 9:17 a.m., Published: April 19, 2023, 9:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2017-6742

Critical bug in genome sequencing device scores '10' on CVSS ratings \| SC Media Trust: 4.0 Fetched: May 2, 2023, 9:15 a.m., Published: April 28, 2023, 7:21 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1966, CVE-2023-1968

FDA, CISA: Illumina Medical Devices Vulnerable to Remote Hacking - SecurityWeek Trust: 3.0 Fetched: May 2, 2023, 9:14 a.m., Published: April 28, 2023, 11:33 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1966, CVE-2023-1968

Sophos Patches Critical Code Execution Vulnerability in Web Security Appliance - SecurityWeek Trust: 5.75 Fetched: May 2, 2023, 9:13 a.m., Published: April 7, 2023, 10:50 a.m.	Vulnerabilities: code execution, cross-site scripting, command injection

Affected products

External IDs

vendor:	sophos	model:	firewall
vendor:	sophos	model:	web appliance
vendor:	sophos	model:	sophos web appliance

db:

NVD

ids:

CVE-2022-4934, CVE-2020-36692, CVE-2023-1671

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products Trust: 5.5 Fetched: April 30, 2023, 9:11 a.m., Published: April 21, 2023, 5:41 a.m.	Vulnerabilities: authentication bypass, code execution, command injection

Affected products

External IDs

vendor:	cisco	model:	cisco industrial network director
vendor:	cisco	model:	industrial network director

db:

NVD

ids:

CVE-2023-20036, CVE-2023-20865, CVE-2023-20039, CVE-2023-20154, CVE-2022-31704, CVE-2023-20864, CVE-2022-31706

Siemens CPCI85 Firmware of SICAM A8000 Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202304-0672 Trust: 4.25 Fetched: April 30, 2023, 9:07 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:	siemens	model:	sicam
vendor:	siemens	model:	sicam a8000

db:

NVD

ids:

CVE-2023-28489

CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability - Blog \| Tenable® Trust: 5.5 Fetched: April 30, 2023, 9:07 a.m., Published: April 21, 2023, 2:04 p.m.	Vulnerabilities: directory traversal, code execution, command injection...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2023-20865, CVE-2023-20864, CVE-2022-31710, CVE-2022-31706

Update now: VMWare issues updates for multiple vulnerabilities Trust: 3.0 Fetched: April 30, 2023, 9:07 a.m., Published: April 28, 2023, 11:46 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20870, CVE-2023-20871, CVE-2023-20869, CVE-2023-20872

Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks - Patch Now Related entries in the VARIoT vulnerabilities database: VAR-202304-2162, VAR-202304-2073, VAR-202304-1973 Trust: 5.75 Fetched: April 30, 2023, 9:06 a.m., Published: April 28, 2023, 11:41 a.m.	Vulnerabilities: code execution, command injection, buffer overflow

Affected products

External IDs

vendor:

zyxel

model:

zywall

db:

NVD

ids:

CVE-2022-43389, CVE-2023-27991, CVE-2023-28771, CVE-2023-22913, CVE-2023-22918

Threat actor APT28 targets Cisco routers with an old vulnerability Related entries in the VARIoT vulnerabilities database: VAR-201707-0964 Trust: 4.75 Fetched: April 30, 2023, 9:06 a.m., Published: April 28, 2023, 4:36 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:	cisco systems	model:	router
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	cisco routers
vendor:	trend	model:	security
vendor:	trend micro	model:	security
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco routers

db:

NVD

ids:

CVE-2017-6742

Apple Rushes Out Software Patch to Fix Crypto Vulnerability Trust: 4.0 Fetched: April 28, 2023, 9:27 a.m., Published: April 18, 2023, 2:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-28205, CVE-2023-28206

VARIoT news about IoT security