Sign-up

VARIoT news about IoT security

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

Trust: 5.25

Fetched: Oct. 25, 2024, 9:42 a.m., Published: Oct. 23, 2024, 12:54 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2024-38094, CVE-2024-44068

CVE-2024-20494 | Tenable®

Trust: 6.0

Fetched: Oct. 25, 2024, 9:42 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: security device manager
vendor: cisco model: adaptive security device manager
vendor: cisco model: asa software
vendor: cisco model: asdm
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2024-20494

Samsung Use-After-Free Zero-day Vulnerability Exploited In The Wild

Trust: 3.75

Fetched: Oct. 25, 2024, 9:42 a.m., Published: Oct. 23, 2024, 7:52 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: exynos
db: NVD ids: CVE-2024-44068

CVE-2024-20017 | Ubiquiti Community

Trust: 3.25

Fetched: Oct. 25, 2024, 9:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

Vulnerability (CVE-2024-20017) - Technical Support for Routers - GL.iNet

Trust: 3.25

Fetched: Oct. 25, 2024, 9:33 a.m., Published: Sept. 26, 2024, 12:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 25, 2024, 9:32 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Cisco fixes bug under exploit in brute-force attacks • The Register

Trust: 5.5

Fetched: Oct. 25, 2024, 9:31 a.m., Published: -
 Vulnerabilities: denial of service, resource exhaustion
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: series
db: NVD ids: CVE-2024-20481

Cisco ASA and FTD zero day used in password spraying attacks | TechTarget

Trust: 3.75

Fetched: Oct. 25, 2024, 9:30 a.m., Published: Oct. 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
vendor: sonicwall model: remote access
vendor: check point software technologies model: check point
db: NVD ids: CVE-2024-20481

Exploitation of vulnerability affecting Fortinet FortiManager | National Cyber Security Centre | Official Press Release

Trust: 3.25

Fetched: Oct. 25, 2024, 9:30 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Cisco Family October 2024 First Round Security Update Advisory - ASEC

Trust: 4.25

Fetched: Oct. 25, 2024, 9:28 a.m., Published: Oct. 22, 2024, 3 p.m.
 Vulnerabilities: command execution, arbitrary command execution, remote command injection...
Affected productsExternal IDs
vendor: cisco model: firepower management center
vendor: cisco model: firepower 2100
vendor: cisco model: cisco firepower management center
vendor: cisco model: cisco firepower threat defense software
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: adaptive security appliance software
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: fxos
vendor: cisco model: series
vendor: cisco model: adaptive security virtual appliance
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense software
vendor: snort model: snort
db: NVD ids: CVE-2024-20474, CVE-2024-20485, CVE-2024-20351, CVE-2024-20426, CVE-2024-20275, CVE-2024-20274, CVE-2024-20494, CVE-2024-20526, CVE-2024-20402, CVE-2024-20341, CVE-2024-20260, CVE-2024-20495, CVE-2024-20471, CVE-2024-20407, CVE-2024-20493, CVE-2024-20408, CVE-2024-20482, CVE-2024-20273, CVE-2024-20340, CVE-2024-20329, CVE-2024-20370, CVE-2024-20379, CVE-2024-20412, CVE-2024-20481, CVE-2024-20339, CVE-2024-20299, CVE-2024-20331, CVE-2024-20424, CVE-2024-20268, CVE-2024-20330, CVE-2024-20431

Fortinet confirms zero day exploitation of CVE-2024-47575

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-202210-0198

Trust: 3.75

Fetched: Oct. 25, 2024, 9:28 a.m., Published: Oct. 23, 2024, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-4247, CVE-2022-42475, CVE-2023-27997, CVE-2022-41328, CVE-2022-40684, CVE-2024-47575

CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android | 0-days In-the-Wild

Trust: 3.5

Fetched: Oct. 25, 2024, 9:27 a.m., Published: Oct. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: samsung
vendor: samsung model: exynos
db: NVD ids: CVE-2024-44068

Understanding Zero-Day Vulnerabilities: Dissecting CVE-2024-47575 in FortiManager - CyberSRC

Trust: 3.25

Fetched: Oct. 25, 2024, 9:27 a.m., Published: Oct. 24, 2024, 12:13 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Newly discovered FortiManager flaw abused for nearly six months - Techzine Global

Trust: 3.75

Fetched: Oct. 25, 2024, 9:27 a.m., Published: Oct. 24, 2024, 10:10 a.m.
 Vulnerabilities: authentication flaw
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

[AL-134] Active Exploitation of a Critical Vulnerability in FortiManager

Trust: 3.25

Fetched: Oct. 25, 2024, 9:25 a.m., Published: Oct. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

CVE-2024-20412: Unauthorized Access to Cisco Firepower Devices via Static Credentials

Trust: 3.75

Fetched: Oct. 25, 2024, 9:24 a.m., Published: Oct. 24, 2024, 1:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
vendor: cisco model: series
db: NVD ids: CVE-2024-20412

FortiManager critical vulnerability under active attack • The Register

Trust: 3.0

Fetched: Oct. 25, 2024, 9:24 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575, CVE-2024-23113

Exploitation of vulnerability affecting Fortinet FortiManager | National Cyber Security Centre | Official Press Release

Trust: 3.25

Fetched: Oct. 25, 2024, 9:23 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Critical vulnerability in Fortinet's FortiManager exploited in the wild - SiliconANGLE

Trust: 3.0

Fetched: Oct. 25, 2024, 9:23 a.m., Published: Oct. 24, 2024, 11:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices - Oct 22, 2024

Trust: 3.75

Fetched: Oct. 25, 2024, 9:19 a.m., Published: Oct. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: trend model: micro trend micro
vendor: trend model: security
vendor: trendmicro model: micro trend micro
vendor: trendmicro model: security
vendor: trend micro model: micro trend micro
vendor: trend micro model: security