VARIoT latest news about IoT security

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software Trust: 5.75 Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 4:55 a.m.	Vulnerabilities: command injection, file upload bug, improper validation

Affected products

External IDs

vendor:	cisco	model:	wap371
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unity
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	unity connection

db:

NVD

ids:

CVE-2024-20287, CVE-2024-20272

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) - Help Net Security Trust: 3.5 Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 11:35 a.m.	Vulnerabilities: command injection, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Security Vulnerability in KYOCERA Device Manager Trust: 3.25 Fetched: Jan. 12, 2024, 9:27 a.m., Published: Jan. 24, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths Trust: 3.75 Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 24, 2024, midnight	Vulnerabilities: response splitting vulnerability

Affected products	External IDs

.NET January 2024 Updates - .NET 8.0.1, 7.0.15, .NET 6.0.26 - .NET Blog Trust: 5.0 Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 9, 2024, 6 p.m.	Vulnerabilities: feature bypass, denial of service, security feature bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-0057, CVE-2024-21319, CVE-2024-0056

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability Trust: 5.0 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco WAP371 Wireless Access Point Command Injection Vulnerability - Cisco Trust: 5.0 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:05 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	wap371
vendor:	cisco	model:	wireless access point

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks \| Ars Technica Trust: 5.75 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:18 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	pulse secure	model:	connect secure
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-49103, CVE-2023-46805, CVE-2022-47966, CVE-2024-21887, CVE-2023-34362

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability Trust: 4.25 Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

Ivanti warns of critical vulnerability in its popular line of endpoint protection software \| Ars Technica Trust: 3.5 Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 5, 2024, 10:33 p.m.	Vulnerabilities: sql injection, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-39336

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin Trust: 3.75 Fetched: Jan. 12, 2024, 9:13 a.m., Published: Jan. 10, 2024, 4:01 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products	External IDs

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days \| SC Media Trust: 4.5 Fetched: Jan. 12, 2024, 9:13 a.m., Published: Jan. 10, 2024, 4:04 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20674, CVE-2024-20700, CVE-2024-21318, CVE-2024-0056, CVE-2024-20677

Cisco WAP371 Wireless Access Point Command Injection Vulnerability Trust: 5.0 Fetched: Jan. 12, 2024, 9:12 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	wap371
vendor:	cisco	model:	wireless access point

Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN \| Volexity Trust: 5.25 Fetched: Jan. 12, 2024, 9:11 a.m., Published: Jan. 10, 2024, 7 p.m.	Vulnerabilities: code execution, command execution

Affected products

External IDs

vendor:	pulse secure	model:	connect secure
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulsesecure	model:	connect secure
vendor:	pulsesecure	model:	pulse connect secure

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Ivanti Connect Secure devices face active exploitation, patch schedule staggered \| Cybersecurity Dive Trust: 3.75 Fetched: Jan. 12, 2024, 9:10 a.m., Published: Jan. 11, 2024, midnight	Vulnerabilities: command injection, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Security Vulnerability in KYOCERA Device Manager Trust: 3.25 Fetched: Jan. 12, 2024, 9:10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Cisco urges users to update this dangerous software flaw immediately, or put devices at risk of being hacked \| TechRadar Trust: 4.75 Fetched: Jan. 12, 2024, 9:10 a.m., Published: Jan. 11, 2024, 3:28 p.m.	Vulnerabilities: cross-site scripting, improper validation

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	unity
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	unity connection

db:

NVD

ids:

CVE-2024-20727, CVE-2024-20272

Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability Trust: 3.5 Fetched: Jan. 12, 2024, 9:09 a.m., Published: May 17, 2018, 5:52 p.m.	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	cisco	model:	series switches
vendor:	cisco	model:	1000v
vendor:	cisco	model:	firepower 4120
vendor:	cisco	model:	cisco 7600 series
vendor:	cisco	model:	security device manager
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower 4150
vendor:	cisco	model:	ftd virtual
vendor:	cisco	model:	asa5525-x
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	7600 series
vendor:	cisco	model:	firepower 4110
vendor:	cisco	model:	security manager
vendor:	cisco	model:	adaptive security device manager
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	asdm
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	asa software
vendor:	cisco	model:	firepower 4140
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco catalyst 6500 series
vendor:	cisco	model:	adaptive security virtual appliance
vendor:	cisco	model:	catalyst 6500 series
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	firepower
vendor:	cisco	model:	series routers
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	asa 1000v cloud firewall
vendor:	cisco	model:	asa 5500 series
vendor:	cisco	model:	firepower 2100
vendor:	cisco	model:	routers
vendor:	cisco	model:	industrial security appliance
vendor:	cisco	model:	firepower 9300
vendor:	cisco	model:	series industrial security appliance
vendor:	cisco	model:	device manager

Apache Struts 2 vulnerability discovered, as proof of concept circulates \| CSO Online Trust: 3.0 Fetched: Jan. 10, 2024, 10:43 a.m., Published: Dec. 14, 2023, midnight	Vulnerabilities: path traversal, traversal attack

Affected products	External IDs

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-201810-0329 Trust: 5.5 Fetched: Jan. 10, 2024, 10:42 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	cisco firepower system software
vendor:	cisco	model:	firepower system
vendor:	cisco	model:	firepower system software
vendor:	cisco	model:	firepower
vendor:	netapp	model:	clustered data ontap
vendor:	netapp	model:	data ontap

db:

NVD

ids:

CVE-2020-1206, CVE-2018-5490, CVE-2020-0796, CVE-2018-0833, CVE-2018-0455, CVE-2017-0016, CVE-2022-32230, CVE-2020-1284

VARIoT news about IoT security