VARIoT latest news about IoT security

Check Point SSL VPN: CVE-2024-24919 from an Incident Response Perspective - Truesec Trust: 4.25 Fetched: July 28, 2024, 9:49 a.m., Published: June 5, 2024, 5:29 p.m.	Vulnerabilities: path traversal, privilege escalation

Affected products

External IDs

vendor:	check point	model:	gaia
vendor:	check point	model:	gaia os
vendor:	check point	model:	security gateway
vendor:	check point	model:	check point
vendor:	orange	model:	web server

db:

NVD

ids:

CVE-2024-24919

CVE-2021-27561: Uncovering the SSRF Vulnerability in Yealink Device Management - Datacipher Trust: 4.75 Fetched: July 28, 2024, 9:48 a.m., Published: July 18, 2024, 6:21 p.m.	Vulnerabilities: request forgery, improper validation, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-27561

Novel Android vulnerability exposes DNS queries \| SC Media Trust: 3.0 Fetched: July 28, 2024, 9:47 a.m., Published: Dec. 5, 2023, 7 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome

Phoenix Technologies Buffer Overflow Vulnerability on GeminiLake - Phoenix Technologies - Leading PC Innovation since 1979 Trust: 3.0 Fetched: July 28, 2024, 9:47 a.m., Published: May 14, 2024, 2:22 p.m.	Vulnerabilities: buffer overflow

Affected products	External IDs

Westermo Switch vulnerabilities: Find potentially impacted devices Trust: 3.25 Fetched: July 28, 2024, 9:46 a.m., Published: June 21, 2024, 2:26 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-36080, CVE-2024-32943, CVE-2024-35246, CVE-2024-36081, CVE-2024-37183

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report - Global Security Mag Online Trust: 3.0 Fetched: July 28, 2024, 9:45 a.m., Published: June 26, 2024, midnight	Vulnerabilities: -

Affected products	External IDs

Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine Trust: 3.25 Fetched: July 28, 2024, 9:39 a.m., Published: May 21, 2024, 12:30 p.m.	Vulnerabilities: memory corruption, command injection

Affected products

External IDs

vendor:	barracuda	model:	barracuda
vendor:	barracuda networks	model:	barracuda
vendor:	trend	model:	security

PKfail Vulnerability Allows Attackers To Bypass Secure Boot Trust: 3.0 Fetched: July 28, 2024, 9:39 a.m., Published: July 26, 2024, 10:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

pixel

OWASP IoT Top 10 Vulnerabilities (2024 Updated) \| Wattlecorp Cybersecurity Labs Trust: 3.0 Fetched: July 28, 2024, 9:38 a.m., Published: July 4, 2024, 7 p.m.	Vulnerabilities: -

Affected products	External IDs

2024-07 Security Bulletin: Junos OS: SRX Series, EX Series: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device (CVE-2024-39565) Trust: 4.25 Fetched: July 28, 2024, 9:34 a.m., Published: -	Vulnerabilities: injection attack

Affected products

External IDs

db:

NVD

ids:

CVE-2024-39565

Vulnerabilities Identified in Owlet Cam - Global Security Mag Online Trust: 4.75 Fetched: July 28, 2024, 9:34 a.m., Published: May 15, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-6321, CVE-2023-6323, CVE-2023-6324

Vulnerabilities Identified in Cisco Adaptive Security Appliance and Firepower Threat Defense Software Trust: 5.5 Fetched: July 28, 2024, 9:34 a.m., Published: July 10, 2024, midnight	Vulnerabilities: code injection, denial of service, code execution...

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco adaptive security appliance

db:

NVD

ids:

CVE-2024-20353, CVE-2024-20359, CVE-2024-20358

How IT Firewall Vulnerabilities Expose Industrial Systems to Cyberattacks \| TXOne Networks Trust: 6.25 Fetched: July 28, 2024, 9:32 a.m., Published: May 24, 2024, 8:53 a.m.	Vulnerabilities: authentication bypass, code execution, os command injection...

Affected products

External IDs

vendor:	siemens	model:	ruggedcom
vendor:	cisco	model:	series
vendor:	cisco	model:	edge series
vendor:	cisco	model:	intrusion prevention system
vendor:	cisco	model:	guard
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os

db:

NVD

ids:

CVE-2024-21887, CVE-2024-21888, CVE-2023-46805, CVE-2024-20353, CVE-2024-22024, CVE-2024-3400, CVE-2024-21893, CVE-2024-20359

Exploitation of vulnerabilities affecting Ivanti Connect... - NCSC.GOV.UK Trust: 4.0 Fetched: July 28, 2024, 9:31 a.m., Published: -	Vulnerabilities: authentication bypass, request forgery, privilege escalation...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2024-21888, CVE-2023-46805, CVE-2024-22024, CVE-2024-21893, CVE-2023-46085

Critical Vulnerability in Checkpoint Quantum (CVE-2024-24919) Trust: 3.75 Fetched: July 28, 2024, 9:30 a.m., Published: May 27, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	check point	model:	gaia
vendor:	check point	model:	quantum security gateway
vendor:	check point	model:	security gateway
vendor:	checkpoint	model:	check point
vendor:	checkpoint	model:	gaia
vendor:	checkpoint	model:	quantum security gateway
vendor:	checkpoint	model:	security gateway

db:

NVD

ids:

CVE-2024-24919

CVE-LLM : Automatic vulnerability evaluation in medical device industry using large language models Trust: 3.5 Fetched: July 28, 2024, 9:29 a.m., Published: July 1, 2024, midnight	Vulnerabilities: authentication bypass, sql injection, cross-site scripting...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-12345

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers Authenticated Remote Code Execution Vulnerability Trust: 5.0 Fetched: July 28, 2024, 9:28 a.m., Published: July 17, 2024, 4 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	small business
vendor:	cisco	model:	rv340
vendor:	cisco	model:	routers
vendor:	cisco	model:	small business rv340
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	rv345
vendor:	cisco	model:	series

Top 15 Web Pen Testing Tools for Kali Linux (2024) Trust: 3.5 Fetched: July 28, 2024, 9:27 a.m., Published: May 16, 2024, 7:14 a.m.	Vulnerabilities: file enumeration, sql injection, cross-site scripting...

Affected products	External IDs

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DNS Inspection Denial of Service Vulnerability Trust: 4.0 Fetched: July 28, 2024, 9:20 a.m., Published: May 22, 2024, 3:57 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	asa software
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco adaptive security appliance software
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance software

A Vulnerability in OpenSSH Could Allow for Remote Code Execution Trust: 3.25 Fetched: July 27, 2024, 7:59 p.m., Published: July 1, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

VARIoT news about IoT security