VARIoT latest news about IoT security

Android app from China executed 0-day exploit on millions of devices \| Ars Technica Trust: 3.75 Fetched: March 29, 2023, 9:17 a.m., Published: March 27, 2023, 12:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-20963

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability Trust: 3.0 Fetched: March 29, 2023, 9:16 a.m., Published: March 22, 2023, 3:49 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	device manager
vendor:	cisco	model:	asa 5525-x
vendor:	cisco	model:	asa software
vendor:	cisco	model:	asa 5506h-x
vendor:	cisco	model:	clientless ssl vpn
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco 7600 series
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco adaptive security appliance software
vendor:	cisco	model:	asa 5516-x
vendor:	cisco	model:	asa 5506-x
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	series switches
vendor:	cisco	model:	firepower 2100
vendor:	cisco	model:	firepower 9300
vendor:	cisco	model:	asdm
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	series industrial security appliances
vendor:	cisco	model:	7600 series
vendor:	cisco	model:	asa 5508-x
vendor:	cisco	model:	catalyst 6500 series
vendor:	cisco	model:	asa 5506w-x
vendor:	cisco	model:	firepower threat defense virtual
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco catalyst 6500 series

Android यूजर्स को सरकार ने किया अलर्ट, तुरंत अपडेट कर लें डिवाइस वरना होगा भारी नुकसान Trust: 3.5 Fetched: March 28, 2023, 9:20 a.m., Published: March 26, 2023, 8:58 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

Android app from China executed 0-day exploit on millions of devices \| Flagrant Malfeasance Trust: 3.75 Fetched: March 28, 2023, 9:17 a.m., Published: March 27, 2023, 9:38 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-20963

Samsung UK on Twitter: "@JEM7687 Thank you for sharing that with us. Samsung takes the safety of our customers very seriously. After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March. (1/2) ^RR" / Twitter Trust: 3.25 Fetched: March 28, 2023, 9:17 a.m., Published: March 28, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

galaxy

Securing Embedded Devices Running C Code: Mitigating Double Free and Use After Free Vulnerabilities - IoT Beacon Trust: 3.5 Fetched: March 28, 2023, 9:17 a.m., Published: March 25, 2023, 9:21 a.m.	Vulnerabilities: code execution, use after free, memory leak...

Affected products	External IDs

CVE.report on Twitter: "CVE-2023-1139 : Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authenticati... https://t.co/FpfyfJIfj6" / Twitter Trust: 3.0 Fetched: March 28, 2023, 9:14 a.m., Published: March 28, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1139

Android users Beware: CERT-in issues high severity warning for new vulnerabilities Trust: 5.0 Fetched: March 28, 2023, 9:13 a.m., Published: March 19, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability - MacRumors Trust: 3.75 Fetched: March 28, 2023, 9:12 a.m., Published: July 15, 2004, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	notes
vendor:	samsung	model:	note
vendor:	apple	model:	imac
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability - Cisco Trust: 3.75 Fetched: March 28, 2023, 9:11 a.m., Published: Jan. 11, 2023, 10:43 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	cisco	model:	ip phone 8821
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	wireless ip phone 8821
vendor:	cisco	model:	ip phone 7800

Cisco ASA 5500-X Series Firewalls - Security Advisories, Responses and Notices - Cisco Trust: 3.0 Fetched: March 28, 2023, 9:11 a.m., Published: Nov. 22, 2015, 10 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	asa 5500

Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability Trust: 4.0 Fetched: March 28, 2023, 9:10 a.m., Published: March 22, 2023, 3:49 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios

PoC exploits published for Netgear Orbi router vulnerabilities - neoSolutions Trust: 5.5 Fetched: March 26, 2023, 9:13 a.m., Published: March 22, 2023, 3:05 p.m.	Vulnerabilities: command injection, command execution

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	netgear	model:	netgear orbi satellite
vendor:	netgear	model:	router
vendor:	netgear	model:	orbi
vendor:	cisco	model:	series routers
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	cisco	model:	routers

db:

NVD

ids:

CVE-2022-37337, CVE-2022-36429, CVE-2022-38458, CVE-2022-38452

Several zero day vulnerabilities are plaguing Android devices with Samsung chips, warns Google \| TechRadar Trust: 5.75 Fetched: March 26, 2023, 9:12 a.m., Published: March 17, 2023, 3:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	samsung	model:	mobile devices
vendor:	vivo	model:	modems
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-24033

Several zero day vulnerabilities are plaguing Android… Trust: 4.75 Fetched: March 26, 2023, 9:12 a.m., Published: March 18, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	samsung	model:	mobile devices
vendor:	vivo	model:	modems
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-24033

Five Types of Network Vulnerabilities to Avoid \| Exigent Technologies Exigent Trust: 3.75 Fetched: March 26, 2023, 9:11 a.m., Published: March 22, 2023, 4:29 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

lenovo

model:

updates

Massive Security Vulnerabilities Found in Mobile Devices Powered by Exynos Chipsets from Samsung Semiconductor Trust: 5.75 Fetched: March 26, 2023, 9:10 a.m., Published: March 3, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	vivo	model:	modem
vendor:	vivo	model:	modems
vendor:	google	model:	pixel
vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	mobile devices

db:

NVD

ids:

CVE-2023-26496, CVE-2023-26498, CVE-2023-26497, CVE-2023-24033

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems Trust: 4.75 Fetched: March 26, 2023, 9:10 a.m., Published: March 22, 2023, 1:09 p.m.	Vulnerabilities: buffer overflow, code execution, path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1139, CVE-2023-28756, CVE-2023-1145, CVE-2022-38742, CVE-2023-1133, CVE-2023-28755

Critical zero-day flaws put Samsung phones at risk - is yours vulnerable? \| Tom's Guide Trust: 4.5 Fetched: March 26, 2023, 9:09 a.m., Published: March 17, 2023, 4:19 p.m.	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-24033

Cisco IOS XE Software Web UI Path Traversal Vulnerability Trust: 4.75 Fetched: March 26, 2023, 9:09 a.m., Published: March 22, 2023, 3:49 p.m.	Vulnerabilities: path traversal

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios software
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios xr software

VARIoT news about IoT security