Sign-up

VARIoT news about IoT security

December 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Trust: 3.75

Fetched: Dec. 13, 2024, 9:36 a.m., Published: Dec. 11, 2024, 1:12 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-49138, CVE-2024-49127, CVE-2024-49112, CVE-2024-49124, CVE-2024-49122, CVE-2024-49117, CVE-2024-49118, CVE-2024-49126

The evolution and abuse of proxy networks

Trust: 3.5

Fetched: Dec. 13, 2024, 9:36 a.m., Published: Dec. 12, 2024, 11 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: cisco model: soho
vendor: cisco model: router
vendor: cisco model: routers

Are Smart Home Devices Safe? A 2025 Guide to Security Risks

Trust: 3.25

Fetched: Dec. 13, 2024, 9:34 a.m., Published: Dec. 12, 2024, 4:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: watch
vendor: apple model: ipad
vendor: home assistant model: home assistant
vendor: trend model: security
vendor: google model: home
vendor: google model: wi-fi router
vendor: samsung model: samsung

Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations | ITPro

Trust: 5.0

Fetched: Dec. 13, 2024, 9:34 a.m., Published: Dec. 12, 2024, 11:11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
db: NVD ids: CVE-2024-50623

Apple Just Patched These 20 Security Vulnerabilities With iOS 18.2 | Lifehacker

Trust: 5.5

Fetched: Dec. 13, 2024, 9:32 a.m., Published: Dec. 12, 2024, 1 p.m.
 Vulnerabilities: memory corruption, code execution, process crash...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2024-44225, CVE-2024-54500, CVE-2024-54527, CVE-2024-54485, CVE-2024-44246, CVE-2024-54510, CVE-2024-54492, CVE-2024-54526, CVE-2024-54494, CVE-2024-54514, CVE-2024-54508, CVE-2024-54505, CVE-2024-54513, CVE-2024-54501, CVE-2024-44245, CVE-2024-54479, CVE-2024-54534, CVE-2024-54486, CVE-2024-54503, CVE-2024-45490, CVE-2024-54502

China-based hacker accused of deploying malware to exploit global firewall devices - Times of Oman

Trust: 3.75

Fetched: Dec. 13, 2024, 9:32 a.m., Published: Dec. 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide | Flashpoint

Trust: 3.75

Fetched: Dec. 13, 2024, 9:31 a.m., Published: Dec. 11, 2024, 2:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

China-based hacker accused of deploying malware to exploit global firewall devices, ET CISO

Trust: 3.75

Fetched: Dec. 13, 2024, 9:30 a.m., Published: Dec. 12, 2024, 6:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

U.S. Indicts Chinese Hacker for Exploit Targeting 81,000 Devices

Trust: 3.75

Fetched: Dec. 13, 2024, 9:29 a.m., Published: Dec. 11, 2024, 12:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2020-12271

Siemens SENTRON Powercenter 1000 | CISA

Trust: 4.75

Fetched: Dec. 13, 2024, 9:28 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: modbus tcp
db: NVD ids: CVE-2024-6657

Ivanti patches high-severity vulnerabilities in CSA after exposure of critical flaws

Trust: 4.0

Fetched: Dec. 13, 2024, 9:27 a.m., Published: Dec. 11, 2024, 10:16 a.m.
 Vulnerabilities: authentication bypass, code execution, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-39710, CVE-2024-11772, CVE-2024-11005, CVE-2024-38655, CVE-2024-39712, CVE-2024-11007, CVE-2024-11639, CVE-2024-11773, CVE-2024-38656

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:26 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:26 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:25 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Access Denied

Trust: 3.25

Fetched: Dec. 13, 2024, 9:24 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices | Claroty

Trust: 5.5

Fetched: Dec. 13, 2024, 9:22 a.m., Published: Dec. 12, 2024, midnight
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2024-52324, CVE-2024-45722

ICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524) | Retest Security

Related entries in the VARIoT vulnerabilities database: VAR-199708-0008

Trust: 4.0

Fetched: Dec. 13, 2024, 9:20 a.m., Published: Dec. 12, 2024, 8:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
db: NVD ids: CVE-1999-0524

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability

Trust: 4.0

Fetched: Dec. 13, 2024, 9:19 a.m., Published: Oct. 23, 2024, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: series
vendor: cisco model: firepower threat defense software
vendor: cisco model: series industrial security appliances
vendor: cisco model: asa software
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance

Usługa Dell Power Manager | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Dec. 11, 2024, 10:52 a.m., Published: March 17, 2000, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: latitude
vendor: dell model: optiplex

Citrix NetScaler devices targeted in brute force campaign | TechTarget

Trust: 4.5

Fetched: Dec. 11, 2024, 10:48 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: memory corruption, denial of service
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: netscaler gateway
db: NVD ids: CVE-2024-8535, CVE-2024-8534