VARIoT latest news about IoT security

Mozilla disables ‘low usage’ encryption feature to resolve Thunderbird HTTP/2 vulnerability \| The Daily Swig Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 8, 2021, 4:13 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38503, CVE-2021-38507, CVE-2021-38506

This chip flaw could have let malicious apps eavesdrop on Android phone users \| ZDNet Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 25, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	vivo	model:	vivo

db:

NVD

ids:

CVE-2021-0673, CVE-2021-0662, CVE-2021-0663, CVE-2021-0661

Vulnerabilities in MediaTek chips expose millions of Android devices to eavesdropping \| TechRadar Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 24, 2021, 4:48 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

check point

model:

check point

Update your Apple devices now. New Pegasus hack prompts company to issue new software to fix iMessage vulnerability. Trust: 3.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Sept. 13, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

iphone

All MediaTek processors found with vulnerabilities - GadgetMatch Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 26, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

axis

model:

axis

NVD - CVE-2021-21744 Related entries in the VARIoT vulnerabilities database: VAR-202110-0398 Trust: 3.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-21744

BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities \| CISA Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Aug. 16, 2021, midnight	Vulnerabilities: code execution

Affected products	External IDs

A List of Vulnerabilities Abused by Ransomware Groups Released by Researchers Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202108-1914, VAR-202109-1909, VAR-201912-0828, VAR-201906-0815, VAR-202102-0898 Trust: 3.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Sept. 20, 2021, 12:58 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks

db:

NVD

ids:

CVE-2021-28799, CVE-2021-26857, CVE-2021-30119, CVE-2021-34527, CVE-2021-30120, CVE-2021-36942, CVE-2021-30116, CVE-2021-40444, CVE-2021-34523, CVE-2021-27065, CVE-2021-31207, CVE-2021-26858, CVE-2019-7481, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, CVE-2018-13379, CVE-2021-26855, CVE-2021-20016, CVE-2021-34473

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Oct. 27, 2021, 4:37 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	asa software
vendor:	cisco	model:	cisco adaptive security appliance software
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	cisco firepower management center

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-1350, VAR-202110-1352, VAR-202110-0212, VAR-202110-1351, VAR-202111-0412, VAR-202110-1395, VAR-202110-1377, VAR-202110-0203, VAR-202110-1366, VAR-202109-0618, VAR-202110-1402, VAR-202110-1353, VAR-202110-0623, VAR-202111-1198, VAR-202110-1375, VAR-202110-1376, VAR-202110-1286, VAR-202110-1065, VAR-202109-0622, VAR-202109-0617, VAR-202110-0213, VAR-202110-1298, VAR-202110-0209, VAR-202108-0823, VAR-202110-1367, VAR-202110-1354, VAR-202111-0419, VAR-202110-1297, VAR-202111-0400, VAR-202110-0617, VAR-202110-1305, VAR-202110-0211, VAR-202109-0623, VAR-202111-0401, VAR-202111-0418, VAR-202111-0393, VAR-202110-0618, VAR-202110-0622, VAR-202111-0417, VAR-202110-1392, VAR-202108-0824, VAR-202111-0413, VAR-202111-0664, VAR-202111-1196, VAR-202111-1197, VAR-202109-0624, VAR-202109-0631, VAR-202110-0619, VAR-202110-1394, VAR-202110-1393 Trust: 5.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: directory traversal, traversal attack, cross-site scripting...

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	mesh	model:	mesh
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	small business
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	series
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	nexus
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	webex
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	meeting
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	roomos
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	routers
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	policy suite

db:

NVD

ids:

CVE-2021-40118, CVE-2021-40116, CVE-2021-34766, CVE-2021-40117, CVE-2021-40124, CVE-2021-34781, CVE-2021-34792, CVE-2021-34782, CVE-2021-34764, CVE-2021-34786, CVE-2021-40125, CVE-2021-40114, CVE-2021-34760, CVE-2021-40129, CVE-2021-34794, CVE-2021-34793, CVE-2021-34754, CVE-2021-34762, CVE-2021-34746, CVE-2021-34785, CVE-2021-34772, CVE-2021-34755, CVE-2021-34748, CVE-2021-34745, CVE-2021-34763, CVE-2021-34787, CVE-2021-34773, CVE-2021-34756, CVE-2021-40128, CVE-2021-40123, CVE-2021-34761, CVE-2021-34758, CVE-2021-34759, CVE-2021-40115, CVE-2009-1234, CVE-2021-34774, CVE-2021-40126, CVE-2021-40122, CVE-2021-34789, CVE-2021-34784, CVE-2021-34791, CVE-2021-34749, CVE-2021-40120, CVE-2021-40119, CVE-2021-40131, CVE-2021-40130, CVE-2021-34765, CVE-2021-34771, CVE-2021-40121, CVE-2021-34783, CVE-2021-34790

Zoom security issues: Everything that's gone wrong (so far) \| Tom's Guide Trust: 3.25 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Dec. 7, 2021, 8:02 p.m.	Vulnerabilities: encryption issue, code execution

Affected products

External IDs

vendor:	trend micro	model:	antivirus
vendor:	trend micro	model:	security
vendor:	google	model:	home
vendor:	google	model:	chrome os
vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	check point	model:	check point
vendor:	cisco	model:	small business
vendor:	cisco	model:	webex
vendor:	cisco	model:	meeting
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	series
vendor:	zoom	model:	zoom client
vendor:	zoom	model:	zoom
vendor:	zoom	model:	client
vendor:	trend	model:	antivirus
vendor:	trend	model:	security
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	iphone

Vulnerability in Cisco security devices could cause firewalls to fail Related entries in the VARIoT vulnerabilities database: VAR-202005-0685, VAR-202110-1796, VAR-202005-0696, VAR-202007-1057 Trust: 5.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 23, 2021, 6:15 p.m.	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	device manager
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2020-3187, CVE-2021-34704, CVE-2020-3259, CVE-2020-3452

NVD - CVE-2021-1615 Related entries in the VARIoT vulnerabilities database: VAR-202109-0243 Trust: 5.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	wireless controller
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	cisco systems
vendor:	cisco	model:	wireless controller
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco systems

db:

NVD

ids:

CVE-2021-1615

Update your iPhone: Apple releases security patch for an active exploit - CNET Trust: 5.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	icloud
vendor:	apple	model:	iphone

Cisco fixes hard-coded credentials and default SSH key issues Related entries in the VARIoT vulnerabilities database: VAR-202109-1909, VAR-202111-0664 Trust: 3.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 4, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	policy suite software
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	series
vendor:	cisco	model:	series switches
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	policy suite

db:	NVD	ids:	cve-2021-40444, CVE-2021-34795, CVE-2021-40444, CVE-2021-40119
db:	POSIVITIVE TECHNOLOGY	ids:	ID:10

Positive Technologies Uncovers Vulnerabilities in PAX Point-of-Sale Terminals That Could Be Exploited to Commit Fraud Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: privilege escalation, buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2020-28892, CVE-2020-29044, CVE-2020-28891

Critical vulnerabilities expose Cisco equipment to hijacking attacks \| TechRadar Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 5, 2021, 1:28 p.m.	Vulnerabilities: injection attack, command injection

Affected products

External IDs

vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	series switches
vendor:	cisco	model:	series
vendor:	cisco	model:	policy suite

db:

NVD

ids:

CVE-2021-34795, CVE-2021-40112, CVE-2021-40113

NUCLEUS:13 - Host of vulnerabilities shatter Nucelus TCP/IP stack defenses \| The Daily Swig Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202111-1613, VAR-202111-1616, VAR-202111-1604, VAR-202111-1608, VAR-202111-1607, VAR-202111-1611, VAR-202111-1615, VAR-202111-1606, VAR-202111-1612, VAR-202111-1609, VAR-202111-1610 Trust: 4.5 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 22, 2021, 11:09 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31886, CVE-2021-31344, CVE-2021-31888, CVE-2021-31887, CVE-2021-31883, CVE-2021-31884, CVE-2021-31346, CVE-2021-31889, CVE-2021-31885, CVE-2021-31345, CVE-2021-31882, CVE-2021-31881

Check Point Research discover vulnerabilities in smartphones chips embedded in 37% of smartphones around the world - Check Point Software Trust: 4.75 Fetched: Nov. 26, 2021, 7:29 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	vivo	model:	vivo
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-0663, CVE-2021-0662, CVE-2021-0673, CVE-2021-0661

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices Trust: 4.0 Fetched: Nov. 26, 2021, 7:29 a.m., Published: Nov. 10, 2021, 8:08 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42386, CVE-2021-42373, CVE-2021-42376, CVE-2021-42379, CVE-2021-42381, CVE-2021-42378, CVE-2021-42374, CVE-2021-42375, CVE-2021-42383, CVE-2021-42384, CVE-2021-42377, CVE-2021-42380, CVE-2021-42382, CVE-2021-42385

VARIoT news about IoT security