VARIoT latest news about IoT security

Vulnerability Summary for the Week of September 18, 2023 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202309-2445, VAR-202309-2527, VAR-202309-1119, VAR-202309-2116, VAR-202309-2529, VAR-202309-1787, VAR-202309-2195, VAR-202309-0777, VAR-202309-1523, VAR-202309-1767, VAR-202309-1522, VAR-202309-2275, VAR-202309-2381, VAR-202309-2098, VAR-202309-2274, VAR-202309-1784, VAR-202309-2366, VAR-202309-2442, VAR-202309-1870, VAR-202309-1521 Trust: 6.25 Fetched: Nov. 22, 2023, 9:15 a.m., Published: Sept. 18, 2023, midnight	Vulnerabilities: weak password, denial of service, default password...

Affected products

External IDs

vendor:	mitsubishi	model:	coreos
vendor:	windriver	model:	linux
vendor:	windriver	model:	river vxworks
vendor:	windriver	model:	vxworks
vendor:	juplink	model:	rx4-1500
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	cups
vendor:	trend	model:	security
vendor:	trend	model:	worry-free business security
vendor:	trend	model:	worry-free business security services
vendor:	trend micro	model:	security
vendor:	trend micro	model:	worry-free business security
vendor:	trend micro	model:	worry-free business security services
vendor:	node.js	model:	node.js
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	note
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	mitsubishi electric corporation	model:	coreos
vendor:	coreos	model:	linux
vendor:	nozomi	model:	guardian
vendor:	nozomi	model:	networks guardian
vendor:	d-link	model:	dir-823g
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-816
vendor:	d-link	model:	dir-806
vendor:	d-link	model:	dir-816 a2
vendor:	tp-link	model:	tl-er5120g
vendor:	tp-link	model:	er5120g
vendor:	netatalk	model:	netatalk
vendor:	tplink	model:	tl-er5120g
vendor:	tplink	model:	er5120g
vendor:	trendmicro	model:	security
vendor:	trendmicro	model:	worry-free business security
vendor:	trendmicro	model:	worry-free business security services
vendor:	mitsubishi_electric	model:	coreos
vendor:	nagios	model:	nagios xi
vendor:	mitsubishi electric	model:	coreos
vendor:	cups	model:	cups
vendor:	tenda	model:	router

db:

NVD

ids:

CVE-2023-42821, CVE-2023-31012, CVE-2019-19450, CVE-2023-43128, CVE-2023-42451, CVE-2023-43134, CVE-2023-43144, CVE-2023-26143, CVE-2023-43766, CVE-2023-43238, CVE-2023-25529, CVE-2023-37410, CVE-2023-32186, CVE-2023-38356, CVE-2023-23364, CVE-2023-4236, CVE-2023-34195, CVE-2023-43115, CVE-2023-43130, CVE-2023-40989, CVE-2023-43373, CVE-2023-40018, CVE-2023-43633, CVE-2023-41374, CVE-2023-43470, CVE-2022-4039, CVE-2023-42807, CVE-2023-32182, CVE-2023-42526, CVE-2023-36109, CVE-2023-43241, CVE-2023-43371, CVE-2023-43477, CVE-2023-4088, CVE-2023-43201, CVE-2023-43478, CVE-2023-43204, CVE-2023-43765, CVE-2023-2163, CVE-2023-42464, CVE-2023-43635, CVE-2023-39677, CVE-2023-43137, CVE-2022-3874, CVE-2023-32184, CVE-2023-43620, CVE-2023-41993, CVE-2023-41179, CVE-2023-25525, CVE-2023-38039, CVE-2023-38507, CVE-2023-42810, CVE-2023-31009, CVE-2023-34575, CVE-2023-5009, CVE-2023-37279, CVE-2023-43375, CVE-2023-42321, CVE-2023-34577, CVE-2023-42798, CVE-2023-43783, CVE-2023-31015, CVE-2023-43138, CVE-2023-43764, CVE-2023-43236, CVE-2023-41375, CVE-2023-43468, CVE-2023-40934, CVE-2023-42387, CVE-2023-42328, CVE-2023-43497, CVE-2023-4096, CVE-2019-17626, CVE-2023-43197, CVE-2023-43202, CVE-2023-43200, CVE-2023-31010, CVE-2023-43270, CVE-2023-41484, CVE-2023-43274, CVE-2023-42450, CVE-2023-43206, CVE-2023-3932, CVE-2023-0829, CVE-2023-42805, CVE-2023-25530, CVE-2023-34967, CVE-2023-42482, CVE-2023-22513, CVE-2023-0462, CVE-2023-41387, CVE-2023-38351, CVE-2023-4152, CVE-2023-5002, CVE-2023-31013, CVE-2023-31008, CVE-2023-39675, CVE-2023-5042, CVE-2023-43760, CVE-2023-43636, CVE-2023-43207, CVE-2023-42320, CVE-2023-42793, CVE-2023-34319, CVE-2023-34576, CVE-2023-41027, CVE-2023-42280, CVE-2023-43129, CVE-2023-42279, CVE-2023-42322, CVE-2023-38887, CVE-2023-4094, CVE-2023-4504, CVE-2023-43496, CVE-2023-40619, CVE-2023-0118, CVE-2023-42523, CVE-2023-42443, CVE-2023-42524, CVE-2023-38352, CVE-2023-43198, CVE-2023-32187, CVE-2023-31719, CVE-2023-43761, CVE-2023-41029, CVE-2023-25534, CVE-2023-5074, CVE-2023-43242, CVE-2023-43235, CVE-2023-38888, CVE-2023-42147, CVE-2023-3892, CVE-2023-43631, CVE-2023-38886, CVE-2023-43762, CVE-2023-40933, CVE-2023-43767, CVE-2023-43469, CVE-2023-38343, CVE-2023-31718, CVE-2023-41030, CVE-2023-43630, CVE-2023-25533, CVE-2022-3596, CVE-2023-42457, CVE-2023-25531, CVE-2023-42444, CVE-2023-43632, CVE-2023-31717, CVE-2023-32649, CVE-2023-43199, CVE-2023-36562, CVE-2023-4853, CVE-2023-0773, CVE-2023-41890, CVE-2023-42456, CVE-2023-42660, CVE-2023-2262, CVE-2023-4760, CVE-2023-29245, CVE-2023-23362, CVE-2023-43237, CVE-2023-31716, CVE-2015-8371, CVE-2023-38355, CVE-2023-25532, CVE-2023-43374, CVE-2023-42520, CVE-2023-43239, CVE-2023-4092, CVE-2020-14496, CVE-2023-23363, CVE-2023-43500, CVE-2023-43669, CVE-2023-43637, CVE-2023-42522, CVE-2023-43634, CVE-2023-31011, CVE-2023-40043, CVE-2023-43203, CVE-2023-43240, CVE-2023-42335, CVE-2023-41929, CVE-2023-43619, CVE-2023-43338, CVE-2023-25528, CVE-2023-42521, CVE-2023-31808, CVE-2023-41902, CVE-2023-42447, CVE-2023-5016, CVE-2023-36319, CVE-2023-43135, CVE-2023-25527, CVE-2015-5467, CVE-2023-41992, CVE-2023-38346, CVE-2023-4291, CVE-2023-5068, CVE-2023-41031, CVE-2023-41595, CVE-2023-42525, CVE-2023-43196, CVE-2023-3341, CVE-2023-38354, CVE-2023-43498, CVE-2023-42331

IoT Device Security Concepts: Comprehensive Overview Trust: 3.5 Fetched: Nov. 21, 2023, 9:34 a.m., Published: Nov. 13, 2023, 11:51 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	paloaltonetworks	model:	networks
vendor:	essential	model:	phone

Can Your Alexa Be Hacked? Tips to Ensure Device Security Trust: 3.25 Fetched: Nov. 21, 2023, 9:33 a.m., Published: May 21, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	home assistant	model:	home assistant
vendor:	essential	model:	phone
vendor:	check point	model:	check point

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits Trust: 4.75 Fetched: Nov. 21, 2023, 9:23 a.m., Published: Nov. 20, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46604, CVE-2023-4911

VARIoT latest news about IoT security Trust: 3.0 Fetched: Nov. 21, 2023, 9:15 a.m., Published: Nov. 4, 2023, midnight	Vulnerabilities: pointer dereference vulnerability, index error, information leak...

Affected products	External IDs

Cybersecurity Vulnerabilities: Types, Examples, and more Trust: 3.75 Fetched: Nov. 21, 2023, 9:14 a.m., Published: Jan. 10, 2023, 11:13 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:

manageengine

model:

network configuration manager

Controlling user access to the features of iOS devices Trust: 3.25 Fetched: Nov. 21, 2023, 9:13 a.m., Published: April 21, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

icloud

CISA issues critical warning on Juniper device vulnerabilities \| SISA Weekly Threat Watch Trust: 5.0 Fetched: Nov. 21, 2023, 9:06 a.m., Published: Nov. 21, 2023, 7:34 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-34060, CVE-2023-36844, CVE-2023-36847

Vulnerability support in Microsoft Defender Vulnerability Management \| Microsoft Learn Related entries in the VARIoT vulnerabilities database: VAR-202211-0556, VAR-202211-0558, VAR-201912-0871, VAR-202309-0672, VAR-202211-0554, VAR-202211-0557, VAR-202005-1052, VAR-202203-0005, VAR-202111-1183 Trust: 3.75 Fetched: Nov. 21, 2023, 9:04 a.m., Published: June 27, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	netscaler gateway
vendor:	siemens	model:	sinec nms
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	desktop
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	thinkpad

db:

NVD

ids:

CVE-2022-43946, CVE-2022-29893, CVE-2014-5455, CVE-2022-26845, CVE-2021-31693, CVE-2022-48435, CVE-2023-36884, CVE-2019-14568, CVE-2023-24329, CVE-2023-40481, CVE-2023-3935, CVE-2021-36234, CVE-2023-38831, CVE-2023-28759, CVE-2022-40011, CVE-2021-33159, CVE-2021-22514, CVE-2023-26258, CVE-2021-36283, CVE-2023-31102, CVE-2021-22500, CVE-2022-27497, CVE-2020-9484, CVE-2022-0778, CVE-2023-38545, CVE-2022-35909, CVE-2021-3519, CVE-2021-36324, CVE-2023-4373, CVE-2021-22499, CVE-2020-26941, CVE-2023-29338, CVE-2023-32558, CVE-2023-24881, CVE-2023-40477

As Citrix Urges Its Clients to Patch, Researchers Release an Exploit Trust: 4.5 Fetched: Nov. 19, 2023, 9:27 a.m., Published: Oct. 25, 2023, 7:55 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	application delivery controller

db:

NVD

ids:

CVE-2023-4966

Apple releases iOS 16.7.2 and iOS 15.8 security updates to patch old hardware \| Ars Technica Trust: 3.5 Fetched: Nov. 19, 2023, 9:25 a.m., Published: Oct. 25, 2023, 7:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-32434

System BIOS w wersji R5 do komputerów Alienware m15 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Nov. 19, 2023, 9:17 a.m., Published: Nov. 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Resolved issues in Windows 10, version 21H2 \| Microsoft Learn Trust: 4.5 Fetched: Nov. 19, 2023, 9:15 a.m., Published: Nov. 17, 2023, 1:53 a.m.	Vulnerabilities: access violation, security feature bypass, feature bypass

Affected products

External IDs

vendor:

barco

model:

clickshare

db:

NVD

ids:

CVE-2023-35311, CVE-2023-33151

Path traversal - vulnerability database \| Vulners.com Trust: 3.75 Fetched: Nov. 19, 2023, 9:14 a.m., Published: Nov. 9, 2023, 5:15 p.m.	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-45284, CVE-2023-45283

How to protect your organization from IoT malware \| TechTarget Trust: 3.5 Fetched: Nov. 19, 2023, 9:12 a.m., Published: Nov. 19, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

nokia

model:

impact

INTEL-SA-00950 Trust: 4.75 Fetched: Nov. 19, 2023, 9:10 a.m., Published: Nov. 14, 2023, 7:19 p.m.	Vulnerabilities: denial of service, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-23583

Remediation actions in Microsoft Defender XDR \| Microsoft Learn Trust: 3.0 Fetched: Nov. 19, 2023, 9:08 a.m., Published: Feb. 17, 2021, midnight	Vulnerabilities: code execution

Affected products	External IDs

KB5032189 update for Windows 10 21H2 and 22H2 versions Trust: 3.0 Fetched: Nov. 19, 2023, 9:07 a.m., Published: Nov. 17, 2023, 6:12 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36033, CVE-2023-360337, CVE-2023-364008, CVE-2023-363979

34 WDM And WDF Models Vulnerable: Protect Your Devices - Security Boulevard Trust: 3.0 Fetched: Nov. 19, 2023, 9:05 a.m., Published: Nov. 16, 2023, 9 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20598, CVE-2023-35841

Threat Watch: iLeakage Vulnerability for Apple Devices Trust: 3.0 Fetched: Nov. 17, 2023, 9:21 a.m., Published: Nov. 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

watch

VARIoT news about IoT security