VARIoT latest news about IoT security

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities - Cisco Trust: 5.0 Fetched: Aug. 23, 2024, 9:43 a.m., Published: Aug. 22, 2024, 8:55 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability Trust: 5.0 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Zero-Day Vulnerability In Arcadyan WiFi Devices Allows RCE for Root Access Trust: 4.5 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 22, 2024, 9:54 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-41992

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability Trust: 4.75 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: request forgery, cross-site request forgery

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco Unified Communications Manager Denial of Service Vulnerability Trust: 4.0 Fetched: Aug. 23, 2024, 9:34 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	unified communications

Report suggests TVs are more vulnerable to cyber-attack than other smart devices - Hiddenwires Magazine Trust: 4.75 Fetched: Aug. 23, 2024, 9:33 a.m., Published: July 16, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	router

Cloud Software Group Inc Patent for Credential Vulnerability Check Trust: 3.25 Fetched: Aug. 23, 2024, 9:33 a.m., Published: Aug. 23, 2024, 3:46 a.m.	Vulnerabilities: code execution

Affected products	External IDs

Google Pixel Devices Found Vulnerable Due To Pre-Installed App Trust: 4.25 Fetched: Aug. 23, 2024, 9:32 a.m., Published: Aug. 20, 2024, 7:30 a.m.	Vulnerabilities: code injection, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

Update now! Google Pixel vulnerability is under active exploitation \| Malwarebytes Trust: 3.75 Fetched: Aug. 23, 2024, 9:25 a.m., Published: June 13, 2024, 1:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-32896

IoT exploitation during security engagements Trust: 3.5 Fetched: Aug. 23, 2024, 9:25 a.m., Published: Aug. 8, 2024, midnight	Vulnerabilities: privilege escalation, command execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-30168, CVE-2024-30169

RADIUS/UDP vulnerable to improved MD5 collision attack Trust: 3.75 Fetched: Aug. 23, 2024, 9:21 a.m., Published: July 9, 2024, noon	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-3596

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 23, 2024, 9:18 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	software update
vendor:	apple	model:	ipod touch
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 23, 2024, 9:17 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	software update
vendor:	apple	model:	ipod touch
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 23, 2024, 9:16 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	software update
vendor:	apple	model:	ipod touch
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 23, 2024, 9:15 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	software update
vendor:	apple	model:	ipod touch
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	ipad

Vulnerability Fix to “5Ghoul” Affecting Teltonika 5G Devices \| Teltonika Trust: 3.25 Fetched: Aug. 23, 2024, 9:15 a.m., Published: May 23, 2050, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33043, CVE-2023-33042, CVE-2023-33044

CVE-2024-33896 - Cosy+ Devices Code Injection Vulnerability Trust: 5.0 Fetched: Aug. 21, 2024, 9:54 a.m., Published: Aug. 2, 2024, 6:16 p.m.	Vulnerabilities: code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-33896

Leveraging Shodan for Effective Device Discovery and Vulnerability Assessment - Dady News Media Related entries in the VARIoT vulnerabilities database: VAR-202007-1393 Trust: 5.25 Fetched: Aug. 21, 2024, 9:52 a.m., Published: Aug. 8, 2024, 3:30 p.m.	Vulnerabilities: default credentials, default password

Affected products

External IDs

vendor:	google	model:	home
vendor:	orange	model:	web server
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	routers
vendor:	sun microsystems	model:	java
vendor:	sun microsystems	model:	linux
vendor:	schneider	model:	modbus
vendor:	schneider	model:	premium
vendor:	schneider electric	model:	modbus
vendor:	schneider electric	model:	premium

db:

NVD

ids:

CVE-2020-5902

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! - Security Aid Trust: 3.5 Fetched: Aug. 21, 2024, 9:52 a.m., Published: July 31, 2024, 1:21 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

vendor:	apple	model:	software update
vendor:	apple	model:	ipad
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad air
vendor:	apple	model:	apple tv
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	watch
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung

From Cyber Security News - PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models - Threat Note Trust: 3.25 Fetched: Aug. 21, 2024, 9:50 a.m., Published: July 26, 2024, 8:42 a.m.	Vulnerabilities: code execution

Affected products	External IDs

VARIoT news about IoT security