VARIoT latest news about IoT security

Active Exploitation of Cisco IOS XE Zero-Day Vulnerability \| Rapid7 Blog Related entries in the VARIoT vulnerabilities database: VAR-202103-0773 Trust: 3.5 Fetched: Oct. 20, 2023, 9:10 a.m., Published: Oct. 17, 2023, 7:50 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	routers
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198, CVE-2021-1435, CVE-2023-21098

Cisco Releases Security Advisory for Actively Exploited Vulnerability CVE-2023-20198 - NHS Digital Trust: 3.75 Fetched: Oct. 20, 2023, 9:10 a.m., Published: Oct. 20, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

series

db:

NVD

ids:

CVE-2023-20198

Siemens SICAM A8000 Devices \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202310-0203 Trust: 5.5 Fetched: Oct. 18, 2023, 9:31 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: path traversal

Affected products

External IDs

vendor:	siemens	model:	sicam
vendor:	siemens	model:	sicam a8000

db:

NVD

ids:

CVE-2023-42796

Understanding IoT Devices, and the Security Threats They Pose - TrollEye Security Trust: 4.25 Fetched: Oct. 18, 2023, 9:29 a.m., Published: Oct. 2, 2023, 12:22 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	home
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks

Overview of IoT threats in 2023 - SharITSec Trust: 5.25 Fetched: Oct. 18, 2023, 9:24 a.m., Published: Oct. 18, 2023, midnight	Vulnerabilities: configuration issue

Affected products

External IDs

vendor:	bosch	model:	smart camera
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-27593

Cisco issues alert over critical IOS XE Software flaw \| ITPro Trust: 3.75 Fetched: Oct. 18, 2023, 9:23 a.m., Published: Oct. 17, 2023, 12:30 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Juniper Junos OS: 2023-10 Security Bulletin: Junos OS: An unauthenticated attacker with local access to the device can create a backdoor with root privileges (JSA73158) (multiple CVEs) Trust: 3.25 Fetched: Oct. 18, 2023, 9:23 a.m., Published: Oct. 18, 2023, midnight	Vulnerabilities: denial of service

Affected products	External IDs

ChirpStack for Healthcare IoT Security: Safeguarding Sensitive Data - Techlogitic Trust: 4.75 Fetched: Oct. 18, 2023, 9:22 a.m., Published: Oct. 10, 2023, 10:39 a.m.	Vulnerabilities: weak password

Affected products

External IDs

vendor:

chirpstack

model:

network server

Signal denies rumors of zero-day bug used to take over devices - The Hindu Trust: 4.25 Fetched: Oct. 18, 2023, 9:21 a.m., Published: Oct. 17, 2023, 9:11 a.m.	Vulnerabilities: code execution

Affected products	External IDs

Understanding IoT Devices, And The Security Threats They Pose Trust: 4.25 Fetched: Oct. 18, 2023, 9:20 a.m., Published: Oct. 3, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	home
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	networks

Govt issues high-risk warning for Google Chrome users, here is how you can protect your device - India Today Trust: 3.5 Fetched: Oct. 18, 2023, 9:19 a.m., Published: Oct. 13, 2023, 3:30 a.m.	Vulnerabilities: buffer overflow, use after free

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

Phosphorus Releases Mitigation Solutions for Critical Cisco Trust: 4.25 Fetched: Oct. 18, 2023, 9:19 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: privilege escalation, default credentials

Affected products

External IDs

vendor:	cisco	model:	access points
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco issues warning for critical 0-day vulnerability exploited in the wild - Outpost24 Trust: 3.75 Fetched: Oct. 18, 2023, 9:18 a.m., Published: Oct. 17, 2023, 12:15 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco warns of actively exploited zero-day in IOS XE software Trust: 3.75 Fetched: Oct. 18, 2023, 9:16 a.m., Published: Oct. 17, 2023, 10:36 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	router

db:

NVD

ids:

CVE-2023-20198

Cisco IOS XE Devices Have Been ‘Widely Exploited:’ Researcher \| CRN Trust: 4.0 Fetched: Oct. 18, 2023, 9:16 a.m., Published: Oct. 17, 2023, 10:15 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco Discloses New Critical Zero Day Vulnerability in Web UI of IOS XE Software - Allows Attackers to Compromise Routers Related entries in the VARIoT vulnerabilities database: VAR-202103-0773 Trust: 4.25 Fetched: Oct. 18, 2023, 9:16 a.m., Published: Oct. 17, 2023, 9:42 p.m.	Vulnerabilities: arbitrary command execution, command execution

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2023-20198, CVE-2021-1435

Cisco reports major security flaw, users urged to patch immediately \| TechRadar Trust: 4.0 Fetched: Oct. 18, 2023, 9:16 a.m., Published: Oct. 17, 2023, 9 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software

db:

NVD

ids:

CVE-2023-20198

Critical Flaw Leads Hackers to Hijack Thousands of Cisco Devices Trust: 3.75 Fetched: Oct. 18, 2023, 9:15 a.m., Published: Oct. 17, 2023, 9:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	router
vendor:	cisco	model:	wireless controller
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Critical Cisco IOS XE vulnerability gives attackers control of devices \| CSO Online Trust: 4.0 Fetched: Oct. 18, 2023, 9:15 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco Devices Hacked via IOS XE Zero-Day Vulnerability - SecurityWeek Related entries in the VARIoT vulnerabilities database: VAR-202103-0773 Trust: 5.5 Fetched: Oct. 18, 2023, 9:15 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: command injection, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xe software

db:

NVD

ids:

CVE-2023-20198, CVE-2021-1435

VARIoT news about IoT security