VARIoT latest news about IoT security

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software Related entries in the VARIoT vulnerabilities database: VAR-202109-0245 Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 24, 2021, 7:26 a.m.	Vulnerabilities: buffer overflow, code execution, authentication bypass

Affected products

External IDs

vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	cisco sd-wan
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	asr 1000
vendor:	cisco systems	model:	asr 1000 series
vendor:	cisco systems	model:	sd-wan vmanage software
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	series integrated services routers
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	wireless controller
vendor:	cisco systems	model:	sd-wan
vendor:	cisco systems	model:	cloud services router 1000v
vendor:	cisco systems	model:	cloud services router
vendor:	cisco systems	model:	router
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	sd-wan vmanage
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	integrated services routers
vendor:	cisco systems	model:	1000v
vendor:	cisco systems	model:	ios xe sd-wan software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	asr 1000
vendor:	cisco	model:	asr 1000 series
vendor:	cisco	model:	sd-wan vmanage software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	routers
vendor:	cisco	model:	series integrated services routers
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	wireless controller
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	cloud services router 1000v
vendor:	cisco	model:	cloud services router
vendor:	cisco	model:	router
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	series
vendor:	cisco	model:	integrated services routers
vendor:	cisco	model:	1000v
vendor:	cisco	model:	ios xe sd-wan software

db:

NVD

ids:

CVE-2021-1619, CVE-2021-34727, CVE-2021-34770

CVE - CVE-2021-1450 Trust: 5.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	anyconnect secure mobility client
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco anyconnect secure mobility client

db:

NVD

ids:

CVE-2021-1450

Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions - Microsoft Security Response Center Trust: 4.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 5, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38645, CVE-2021-38648, CVE-2021-38647, CVE-2021-38649

25+ Cyber Security Vulnerability Statistics and Facts of 2022 Trust: 4.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 15, 2021, 1:46 p.m.	Vulnerabilities: improper access control, cross-site scripting, information leakage...

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks

db:

NVD

ids:

CVE-1999-0517, CVE-2017-0144

Apple Issues Urgent Software Update To Patch Spyware Vulnerability \| ZeroHedge Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

cve-2021-30858

What’s the Most Vulnerable Device in Your Home? It’s Not What You Think Trust: 3.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 13, 2021, 8:59 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

essential

model:

phone

Windows RDP Client Porting Critical Vulnerabilities to Hyper-V Manager \| McAfee Blogs Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, 6:02 p.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2020-1374, CVE-2021-38666, CVE-2021-34535, CVE-2019-0708

Apple Data Breaches: Full Timeline Through 2021 Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Sept. 15, 2021, 5 a.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

Demon's Cries vulnerability (some NETGEAR smart switches) - gynvael.coldwind//vx.log Related entries in the VARIoT vulnerabilities database: VAR-202109-1066 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 17, 2021, midnight	Vulnerabilities: buffer overflow, authentication bypass

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	netgear	model:	gs750e
vendor:	netgear	model:	gs752tpv2
vendor:	netgear	model:	gs108e
vendor:	netgear	model:	gs724tpv2
vendor:	netgear	model:	gs728tppv2
vendor:	netgear	model:	gs105e
vendor:	netgear	model:	gs752tpp
vendor:	netgear	model:	gs728tpv2

db:

NVD

ids:

CVE-2021-40866

iPhone Security Vulnerability Can Expose Users to Hackers: How to Fix Major Issue \| iTech Post Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 4.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Oct. 12, 2021, 2:13 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2021-30883

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1393, VAR-202110-1352, VAR-202110-0623, VAR-202110-0209, VAR-202111-0417, VAR-202110-1305, VAR-202108-0824, VAR-202110-1377, VAR-202111-0393, VAR-202111-0401, VAR-202110-1065, VAR-202109-0618, VAR-202111-0418, VAR-202110-0211, VAR-202110-1375, VAR-202110-1395, VAR-202110-0582, VAR-202110-0619, VAR-202110-1353, VAR-202110-0583, VAR-202111-0412, VAR-202110-0212, VAR-202110-1297, VAR-202110-1286, VAR-202110-0618, VAR-202111-0419, VAR-202110-1402, VAR-202110-0622, VAR-202110-1394, VAR-202110-1366, VAR-202110-0207, VAR-202110-1298, VAR-202110-1354, VAR-202109-0622, VAR-202108-0823, VAR-202109-0623, VAR-202109-0617, VAR-202110-1392, VAR-202110-0203, VAR-202110-0617, VAR-202111-0413, VAR-202111-0400, VAR-202110-1350, VAR-202110-1351, VAR-202109-0631, VAR-202110-1376, VAR-202111-0664, VAR-202110-1367, VAR-202109-0624, VAR-202110-0213 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: cross-site scripting, resource exhaustion, command injection...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	snort	model:	snort
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	dna center
vendor:	cisco	model:	nexus
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	small business
vendor:	cisco	model:	series
vendor:	cisco	model:	webex
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	routers
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco unified communications manager

db:

NVD

ids:

CVE-2021-34790, CVE-2021-40116, CVE-2021-34760, CVE-2021-34748, CVE-2021-34784, CVE-2021-34761, CVE-2021-34749, CVE-2021-34792, CVE-2021-40126, CVE-2021-40115, CVE-2021-34762, CVE-2021-34786, CVE-2021-34774, CVE-2021-34758, CVE-2021-34794, CVE-2021-34781, CVE-2021-34743, CVE-2021-40121, CVE-2021-40114, CVE-2021-34738, CVE-2021-40124, CVE-2021-34766, CVE-2021-34756, CVE-2021-34754, CVE-2021-40122, CVE-2021-34773, CVE-2021-40125, CVE-2021-34789, CVE-2021-34783, CVE-2021-34764, CVE-2021-34742, CVE-2021-34755, CVE-2021-34787, CVE-2021-34746, CVE-2021-34745, CVE-2021-34759, CVE-2021-34785, CVE-2021-34791, CVE-2009-1234, CVE-2021-34782, CVE-2021-40123, CVE-2021-40120, CVE-2021-40128, CVE-2021-40118, CVE-2021-40117, CVE-2021-34771, CVE-2021-34793, CVE-2021-40119, CVE-2021-34763, CVE-2021-34765, CVE-2021-34772

13 Siemens Nucleus RTOS TCP/IP Stack Vulnerabilities Identified in Medical Devices - HIPAA Guidelines 101 Trust: 4.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 16, 2021, 10:07 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus source code
vendor:	siemens	model:	vstar
vendor:	siemens	model:	nucleus readystart
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability - Cisco Trust: 3.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 20, 2021, 3:12 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco firepower threat defense software
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower management center

Medical devices at risk from Siemens Nucleus vulnerabilities Trust: 4.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, midnight	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:

siemens

model:

nucleus

NUCLEUS:13 vulnerabilities impact Siemens medical & industrial equipment - The Record by Recorded Future Trust: 3.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 9, 2021, 4:05 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

siemens

model:

nucleus

Google Reveals 'Watering Hole' Attack Targeting Apple Device Owners \| PCMag Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 3.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	webkit
vendor:	apple	model:	watch
vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2021-30869, CVE-2021-37973, CVE-2021-37976

Critical security vulnerabilities put millions of healthcare devices at risk \| TechRadar Trust: 3.75 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 10, 2021, 4:15 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

siemens

model:

nucleus

Flaws in the Nucleus embedded TCP/IP stack puts critical systems at risk \| CSO Online Related entries in the VARIoT vulnerabilities database: VAR-202111-1616, VAR-202111-1605, VAR-202111-1604 Trust: 5.5 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 11, 2021, 7 a.m.	Vulnerabilities: denial of service, buffer overflow, improper validation...

Affected products

External IDs

vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31888, CVE-2021-31886, CVE-2021-31887

This dangerous Intel CPU vulnerability could allow attackers to break into your laptop \| TechRadar Trust: 4.0 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Nov. 16, 2021, 11:12 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0146

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1393, VAR-202110-1352, VAR-202110-0623, VAR-202110-0209, VAR-202111-0417, VAR-202110-1305, VAR-202108-0824, VAR-202110-1377, VAR-202111-0393, VAR-202111-0401, VAR-202110-1065, VAR-202109-0618, VAR-202111-0418, VAR-202110-0211, VAR-202110-1375, VAR-202110-1395, VAR-202110-0582, VAR-202110-0619, VAR-202110-1353, VAR-202110-0583, VAR-202111-0412, VAR-202110-0212, VAR-202110-1297, VAR-202110-1286, VAR-202110-0618, VAR-202111-0419, VAR-202110-1402, VAR-202110-0622, VAR-202110-1394, VAR-202110-1366, VAR-202110-0207, VAR-202110-1298, VAR-202110-1354, VAR-202109-0622, VAR-202108-0823, VAR-202109-0623, VAR-202109-0617, VAR-202110-1392, VAR-202110-0203, VAR-202110-0617, VAR-202111-0413, VAR-202111-0400, VAR-202110-1350, VAR-202110-1351, VAR-202109-0631, VAR-202110-1376, VAR-202111-0664, VAR-202110-1367, VAR-202109-0624, VAR-202110-0213 Trust: 5.25 Fetched: Nov. 16, 2021, 1:27 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: cross-site scripting, resource exhaustion, command injection...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	snort	model:	snort
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	dna center
vendor:	cisco	model:	nexus
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	small business
vendor:	cisco	model:	series
vendor:	cisco	model:	webex
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	routers
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco unified communications manager

db:

NVD

ids:

CVE-2021-34790, CVE-2021-40116, CVE-2021-34760, CVE-2021-34748, CVE-2021-34784, CVE-2021-34761, CVE-2021-34749, CVE-2021-34792, CVE-2021-40126, CVE-2021-40115, CVE-2021-34762, CVE-2021-34786, CVE-2021-34774, CVE-2021-34758, CVE-2021-34794, CVE-2021-34781, CVE-2021-34743, CVE-2021-40121, CVE-2021-40114, CVE-2021-34738, CVE-2021-40124, CVE-2021-34766, CVE-2021-34756, CVE-2021-34754, CVE-2021-40122, CVE-2021-34773, CVE-2021-40125, CVE-2021-34789, CVE-2021-34783, CVE-2021-34764, CVE-2021-34742, CVE-2021-34755, CVE-2021-34787, CVE-2021-34746, CVE-2021-34745, CVE-2021-34759, CVE-2021-34785, CVE-2021-34791, CVE-2009-1234, CVE-2021-34782, CVE-2021-40123, CVE-2021-40120, CVE-2021-40128, CVE-2021-40118, CVE-2021-40117, CVE-2021-34771, CVE-2021-34793, CVE-2021-40119, CVE-2021-34763, CVE-2021-34765, CVE-2021-34772

VARIoT news about IoT security