Sign-up

VARIoT news about IoT security

24-008 (February 13, 2024) - Threat Encyclopedia

Trust: 3.75

Fetched: Feb. 14, 2024, 10:02 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: request forgery, security feature bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2023-31102, CVE-2023-46262, CVE-2024-21412, CVE-2023-42000, CVE-2023-41998, CVE-2023-48646

System BIOS komputerów Dell Precision 3540 i Latitude 5400/5500 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 14, 2024, 10:02 a.m., Published: Feb. 14, 3540, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: latitude
vendor: dell model: bios

A Complete Guide to Zero-Day Vulnerability | Indusface Blog

Trust: 4.5

Fetched: Feb. 14, 2024, 10:01 a.m., Published: Feb. 5, 2024, 9:43 a.m.
 Vulnerabilities: privilege escalation, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2023-42793

Exploiting Ivanti vulnerability to install “DSLog” backdoor on more than 670 IT infrastructures - Paxton Willson

Trust: 4.0

Fetched: Feb. 14, 2024, 10 a.m., Published: Feb. 13, 2024, 9:04 a.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21893

System BIOS komputerów Dell Vostro 3405 i Inspiron 3505 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 14, 2024, 9:57 a.m., Published: Feb. 14, 3405, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

A look at Fortinet's week to forget • The Register

Trust: 4.75

Fetched: Feb. 14, 2024, 9:56 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23108, CVE-2023-34992, CVE-2024-23113, CVE-2024-23109

Apple resolves 2024’s first zero-day exploited via WebKit

Trust: 4.5

Fetched: Feb. 14, 2024, 9:56 a.m., Published: Feb. 3, 2024, midnight
 Vulnerabilities: resource exhaustion, command injection, authentication bypass
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
db: NVD ids: CVE-2024-23222, CVE-2024-21887, CVE-2023-46805

How Much Does It Cost to Install a Smart Home Panel? - ByRetreat

Trust: 3.5

Fetched: Feb. 14, 2024, 9:55 a.m., Published: Jan. 31, 2024, 2:56 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

WyreStorm Apollo VX20 - Information Disclosure - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Feb. 14, 2024, 9:54 a.m., Published: Feb. 12, 2024, 10:32 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs

Ivanti Discloses High-Severity Authentication Bypass Vulnerability in Gateway Devices

Trust: 3.25

Fetched: Feb. 14, 2024, 9:49 a.m., Published: Feb. 9, 2024, 3:52 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893

Ivanti Discloses Fifth Major VPN Vulnerability In A Month

Trust: 4.5

Fetched: Feb. 14, 2024, 9:49 a.m., Published: Feb. 8, 2024, 4:51 p.m.
 Vulnerabilities: request forgery, command injection, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: policy secure
vendor: pulse secure model: connect secure
vendor: google model: nexus
db: NVD ids: CVE-2024-22024, CVE-2024-21887, CVE-2023-46805, CVE-2024-21893

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures | MrHacker

Trust: 4.0

Fetched: Feb. 14, 2024, 9:43 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21893

Ivanti Finds Another High Severity Vulnerability | MSSP Alert

Trust: 3.0

Fetched: Feb. 14, 2024, 9:40 a.m., Published: Feb. 13, 2024, 6:29 p.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893

Hackers Exploit Ivanti Vulnerability to Deploy DSLog Backdoor | Black Hat Ethical Hacking

Trust: 3.25

Fetched: Feb. 14, 2024, 9:40 a.m., Published: Feb. 13, 2024, 10:08 a.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21893

Exploiting Ivanti vulnerability to install “DSLog” backdoor on more than 670 IT infrastructures - Mary Ashley

Trust: 4.0

Fetched: Feb. 14, 2024, 9:39 a.m., Published: Feb. 13, 2024, 8:27 a.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21893

What Is the Difference Between Zigbee and Knx? - ByRetreat

Trust: 3.5

Fetched: Feb. 14, 2024, 9:36 a.m., Published: Jan. 29, 2024, 10:24 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

Trust: 3.5

Fetched: Feb. 14, 2024, 9:30 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-21412, CVE-2023-36025

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

Trust: 3.5

Fetched: Feb. 14, 2024, 9:29 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-21412, CVE-2023-36025

Three API Vulnerabilities Found in Cisco Expressway Series Devices

Trust: 3.0

Fetched: Feb. 14, 2024, 9:29 a.m., Published: Feb. 8, 2024, 6:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: expressway
vendor: cisco model: expressway series
vendor: cisco model: series
vendor: cisco model: cisco expressway

New WiFi Authentication Vulnerabilities Discovered

Trust: 4.75

Fetched: Feb. 14, 2024, 9:28 a.m., Published: Feb. 3, 2024, midnight
 Vulnerabilities: traffic interception
Affected productsExternal IDs
db: NVD ids: CVE-2023-52160, CVE-2023-52161