VARIoT latest news about IoT security

Exchange zero-day corrected on November Patch Tuesday Trust: 4.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: code execution, security feature bypass, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41349, CVE-2021-42305, CVE-2021-42292, CVE-2021-42321, CVE-2021-38631, CVE-2021-43209, CVE-2021-42298, CVE-2021-43208, CVE-2021-26443, CVE-2021-41371

[Updated, again] Apache fixes zero-day vulnerability in HTTP Server \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202110-1691, VAR-202110-1571, VAR-202110-1690 Trust: 4.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Oct. 6, 2021, 2:23 p.m.	Vulnerabilities: denial of service, path traversal, traversal attack

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41773, CVE-2021-41524, CVE-2021-42013

Eighteen high severity vulnerabilities remediated in AMD's Radeon graphics driver packages \| TechSpot Trust: 3.0 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

Vulnerability in MediaTek chipsets discovered, promptly fixed - GSMArena.com news Trust: 3.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Nov. 24, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	check point	model:	check point

NVD - CVE-2021-34765 Related entries in the VARIoT vulnerabilities database: VAR-202109-0624 Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	nexus
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	nexus

db:

NVD

ids:

CVE-2021-34765

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202111-0418, VAR-202110-1353, VAR-202110-1352, VAR-202109-0618, VAR-202110-0617, VAR-202111-1198, VAR-202110-0622, VAR-202110-0211, VAR-202110-1354, VAR-202110-1395, VAR-202110-1366, VAR-202109-0617, VAR-202110-0203, VAR-202111-0417, VAR-202111-0393, VAR-202111-1197, VAR-202111-0412, VAR-202109-0631, VAR-202110-1367, VAR-202111-0664, VAR-202110-1350, VAR-202108-0823, VAR-202110-1298, VAR-202110-1392, VAR-202109-0623, VAR-202110-1376, VAR-202108-0824, VAR-202110-1065, VAR-202111-0413, VAR-202110-1351, VAR-202110-1394, VAR-202111-0419, VAR-202110-1402, VAR-202110-0209, VAR-202110-0619, VAR-202109-0624, VAR-202110-1297, VAR-202110-1377, VAR-202110-0212, VAR-202110-0623, VAR-202110-1286, VAR-202110-0618, VAR-202110-0213, VAR-202111-0401, VAR-202109-0622, VAR-202111-1196, VAR-202110-1375, VAR-202110-1393, VAR-202111-0400, VAR-202110-1305 Trust: 5.25 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: resource exhaustion, injection attack, open redirect attack...

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	mesh	model:	mesh
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	roomos
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	routers
vendor:	cisco	model:	small business
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	webex
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	unified communications

db:

NVD

ids:

CVE-2021-34774, CVE-2021-40114, CVE-2021-40116, CVE-2021-34786, CVE-2021-40123, CVE-2021-40129, CVE-2021-34789, CVE-2021-34758, CVE-2021-34787, CVE-2021-34781, CVE-2021-34764, CVE-2021-34785, CVE-2021-34782, CVE-2021-34784, CVE-2021-40126, CVE-2021-40130, CVE-2021-40124, CVE-2021-34771, CVE-2021-34763, CVE-2021-40119, CVE-2021-40118, CVE-2021-34745, CVE-2021-34755, CVE-2021-34791, CVE-2021-34759, CVE-2021-34793, CVE-2021-34749, CVE-2021-34762, CVE-2021-40120, CVE-2021-40117, CVE-2021-34783, CVE-2021-34773, CVE-2021-40125, CVE-2009-1234, CVE-2021-34748, CVE-2021-40121, CVE-2021-34765, CVE-2021-34756, CVE-2021-34792, CVE-2021-34766, CVE-2021-34760, CVE-2021-34754, CVE-2021-40122, CVE-2021-34772, CVE-2021-40115, CVE-2021-34746, CVE-2021-40131, CVE-2021-34794, CVE-2021-34790, CVE-2021-40128, CVE-2021-34761

Mobile Woman Sentenced for Social Security Benefits Fraud Scheme Targeting Vulnerable Residents of Her Group Homes \| USAO-SDAL \| Department of Justice Trust: 3.0 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Sept. 14, 2021, 7:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Many Healthcare, OT Systems Exposed to Attacks by NUCLEUS:13 Vulnerabilities \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202111-1605 Trust: 5.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 13, 2022, midnight	Vulnerabilities: denial of service, code execution, buffer overflow...

Affected products

External IDs

vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31886

14 New Vulnerabilities Discovered in BusyBox \| SecurityWeek.Com Trust: 4.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 14, 2022, midnight	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42374

Objects > Security Profiles > Vulnerability Protection Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 5, 2022, 2:53 p.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks

Patched macOS Catalina vulnerability targeted Hong Kong users \| AppleInsider Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 3.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-30869

Objects > Security Profiles > Vulnerability Protection Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 5, 2022, midnight	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks

Vulnerability in Cisco security devices could cause firewalls to fail \| Communications Today Related entries in the VARIoT vulnerabilities database: VAR-202005-0696, VAR-202005-0685, VAR-202007-1057, VAR-202110-1796 Trust: 5.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 26, 2021, 8:05 a.m.	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	device manager
vendor:	cisco	model:	firepower

db:

NVD

ids:

CVE-2020-3259, CVE-2020-3187, CVE-2020-3452, CVE-2021-34704

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices \| IT Security News Related entries in the VARIoT vulnerabilities database: VAR-201906-1344 Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 26, 2021, 3:13 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	asus	model:	router
vendor:	asus	model:	asus

db:

NVD

ids:

CVE-2019-7406

Cisco vulnerability could cause your firewalls to fail \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202110-1796 Trust: 5.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 3:20 a.m.	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-34704

A vulnerability was found in all current Windows that makes it easy to gain administrator rights - Aroged Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 4.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 9:47 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379

A vulnerability was found in modern MediaTek chips that allows you to eavesdrop on a smartphone - the company has already fixed everything - Aroged Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 24, 2021, 11:25 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	xiaomi	model:	redmi
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-0663, CVE-2021-0673, CVE-2021-0661, CVE-2021-0662

Cisco vulnerability could cause your firewalls to fail \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202110-1796 Trust: 5.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 3:20 a.m.	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-34704

US, UK, and Australian Agencies Issue Joint Cybersecurity Advisory on Iranian APT Groups Targeting Critical Infrastructure - CPO Magazine Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202008-0193, VAR-202007-0079 Trust: 4.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 6:27 a.m.	Vulnerabilities: privilege escalation, code execution, authentication vulnerability...

Affected products

External IDs

vendor:	filezilla	model:	server
vendor:	filezilla	model:	filezilla

db:

NVD

ids:

CVE-2018-13379, CVE-2019-5591, CVE-2021-34473, CVE-2020-12812

PrintNightmare CVE vulnerability walkthrough - Infosec Resources Related entries in the VARIoT vulnerabilities database: VAR-202106-0639, VAR-202107-1010 Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 3, 2021, 1:48 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-1675, CVE-2021-34527

VARIoT news about IoT security