Sign-up

VARIoT news about IoT security

Salt Typhoon Hackers Exploited 1000+ Cisco Devices to Gain Admin Access

Trust: 4.75

Fetched: Feb. 16, 2025, 9:21 a.m., Published: Feb. 14, 2025, 8:21 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: trend model: security
db: NVD ids: CVE-2023-20198, CVE-2023-20273

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108) - Security Boulevard

Trust: 4.75

Fetched: Feb. 16, 2025, 9:21 a.m., Published: Feb. 14, 2025, 3:30 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0108

Fortinet Addresses Multiple Vulnerabilities in Major Security Update

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.5

Fetched: Feb. 16, 2025, 9:20 a.m., Published: Feb. 11, 2025, 6:09 p.m.
 Vulnerabilities: command injection, path traversal, authentication bypass...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-40585, CVE-2024-40591, CVE-2024-46666, CVE-2024-33504, CVE-2023-37936, CVE-2025-24472, CVE-2024-35279, CVE-2022-40684, CVE-2023-40721, CVE-2024-52966, CVE-2024-55591

Cybersecurity Snapshot: February 7, 2025

Trust: 4.5

Fetched: Feb. 16, 2025, 9:20 a.m., Published: Feb. 7, 2025, 3 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2025-0683, CVE-2025-0626

Privacy Roundup: Week 6 of Year 2025 | Avoid the Hack (avoidthehack!)

Trust: 4.25

Fetched: Feb. 16, 2025, 9:19 a.m., Published: Feb. 9, 2025, 9:14 p.m.
 Vulnerabilities: command injection, privilege escalation, authentication bypass...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: wifi
vendor: google model: google chrome
vendor: google model: nexus
vendor: google model: wi-fi router
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi router
vendor: cisco model: vpn client
vendor: cisco model: nexus
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: soho
vendor: cisco model: router
vendor: netgear model: router
vendor: apple model: icloud
vendor: apple model: installer
vendor: apple model: iphone
db: NVD ids: CVE-2024-40891, CVE-2024-53104, CVE-2025-0890, CVE-2025-0445

Fix CVE-2025-1283: Dingtian DT-R0 Series Security Guide

Trust: 4.0

Fetched: Feb. 16, 2025, 9:18 a.m., Published: Feb. 14, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-1283

Surface Pro 7 gets new (February 13, 2025) firmware updates - SurfaceTip

Trust: 3.0

Fetched: Feb. 16, 2025, 9:18 a.m., Published: Feb. 13, 2025, 5 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-29871

Wireless Security Testing Fundamentals - PenTesting.Org

Trust: 3.75

Fetched: Feb. 16, 2025, 9:17 a.m., Published: -
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: aircrack-ng model: aircrack-ng

Salt Typhoon Strikes: Over 1,000 Cisco Devices Compromised - Clear Infosec

Trust: 4.75

Fetched: Feb. 16, 2025, 9:16 a.m., Published: Feb. 14, 2025, 12:37 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco model: routers
db: NVD ids: CVE-2023-20198, CVE-2023-20273

Salt Typhoon Exploits Cisco Devices in Telco Infrastructure

Trust: 3.5

Fetched: Feb. 16, 2025, 9:10 a.m., Published: Dec. 16, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: routers
db: NVD ids: CVE-2023-20198, CVE-2023-20273

Security considerations for edge devices (ITSM.80.101) - Canadian Centre for Cyber Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 5.25

Fetched: Feb. 16, 2025, 9:08 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: soho
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475, CVE-2023-20198, CVE-2024-21762, CVE-2023-20273

Vulnerabilities Page

Trust: 4.5

Fetched: Feb. 16, 2025, 9:07 a.m., Published: Feb. 11, 2025, 12:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Vulnerability Details Page

Trust: 3.5

Fetched: Feb. 16, 2025, 9:06 a.m., Published: Feb. 11, 2025, 12:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks

Secure by Design Alert: Eliminating Buffer Overflow Vulnerabilities | CISA

Trust: 4.5

Fetched: Feb. 14, 2025, 9:46 a.m., Published: May 14, 2025, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: android

CISA Adds Microsoft Windows, Zyxel Device Dlaws to its Known Exploited Vulnerabilities Catalog - Cybersecurity News Everyday

Trust: 5.0

Fetched: Feb. 14, 2025, 9:44 a.m., Published: Feb. 13, 2025, midnight
 Vulnerabilities: arbitrary command execution, privilege escalation, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891, CVE-2025-21391, CVE-2025-21418, CVE-2024-40890

Apple Urges Immediate iOS 18.3.1 Update to Fix Critical Security Vulnerability

Trust: 3.5

Fetched: Feb. 14, 2025, 9:44 a.m., Published: Feb. 13, 2025, 8:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2025-24200

FortiOS Vulnerabilities Expose VPN and Firewall Devices to Remote Code Execution and Denial-of-Service Attacks - UNDERCODE NEWS

Trust: 4.5

Fetched: Feb. 14, 2025, 9:43 a.m., Published: Feb. 12, 2025, 10:14 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-46666, CVE-2024-46668

Kandji Unveils Vulnerability Management To Enhance Enterprise Security For Apple Devices | Digital Market News

Trust: 3.0

Fetched: Feb. 14, 2025, 9:43 a.m., Published: Feb. 12, 2025, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

SSA-770770

Related entries in the VARIoT vulnerabilities database: VAR-202501-2383, VAR-202501-1996

Trust: 4.75

Fetched: Feb. 14, 2025, 9:42 a.m., Published: Feb. 1, 2025, midnight
 Vulnerabilities: integer overflow, denial of service, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-46665, CVE-2024-46670, CVE-2024-36504, CVE-2024-52963, CVE-2024-48884, CVE-2024-46666, CVE-2024-54021, CVE-2024-48885, CVE-2024-46669, CVE-2024-46668

Re: OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Feb. 14, 2025, 9:41 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: optiplex