Sign-up

VARIoT news about IoT security

CVE-2023-20198: Zero-Day Vulnerability in Cisco IOS XE Exploited in the Wild - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.25

Fetched: Oct. 18, 2023, 9:11 a.m., Published: Oct. 16, 2023, 5:14 p.m.
 Vulnerabilities: command injection, privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20109, CVE-2023-20198, CVE-2021-1435

Critical Vulnerability in MikroTik RouterOS Tens of Thousands of Devices in Indonesia are Vulnerable - Cyber Defense Insight

Trust: 4.5

Fetched: Oct. 18, 2023, 9:11 a.m., Published: Oct. 9, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: router
vendor: mikrotik model: routeros
db: NVD ids: CVE-2023-30799

Snack Up, Patch Up: Zyxel NAS Alert!

Trust: 4.0

Fetched: Oct. 18, 2023, 9:11 a.m., Published: June 26, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zyxel model: nas326
vendor: zyxel model: nas542
vendor: zyxel model: nas540
db: NVD ids: CVE-2023-27992

Critical Vulnerability in MikroTik Routers Exposes Up to 900K Devices to Potential Takeover - VULNERA

Trust: 4.5

Fetched: Oct. 18, 2023, 9:10 a.m., Published: July 25, 2023, 4:59 p.m.
 Vulnerabilities: default password, privilege escalation
Affected productsExternal IDs
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: router
vendor: mikrotik model: routeros
db: NVD ids: CVE-2023-30788

Upgrading Kaspersky Endpoint Security Cloud

Trust: 3.0

Fetched: Oct. 18, 2023, 9:10 a.m., Published: April 18, 2019, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Phosphorus Releases Mitigation Solutions for Critical Cisco IOS XE Zero-Day Vulnerability - Phosphorus

Trust: 4.25

Fetched: Oct. 18, 2023, 9:08 a.m., Published: Oct. 17, 2023, 8:01 p.m.
 Vulnerabilities: privilege escalation, default credentials
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198

Cisco warns against a critical vulnerability in IOS XE-based network devices | TechSpot

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.75

Fetched: Oct. 18, 2023, 9:07 a.m., Published: Oct. 18, 4070, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-20198, CVE-2021-1435

Android Hacking: libwebp Vulnerability

Trust: 4.5

Fetched: Oct. 17, 2023, 9:38 a.m., Published: Oct. 13, 2023, 8:11 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
vendor: google model: pixel
db: NVD ids: CVE-2023-41064

Indian Government Warns Apple iPhone and iPad Users of 'High' Risk | Technology & Science News, Times Now

Trust: 3.0

Fetched: Oct. 17, 2023, 9:36 a.m., Published: Oct. 17, 2040, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone

Finding Cisco IOS-XE devices with runZero

Trust: 3.75

Fetched: Oct. 17, 2023, 9:33 a.m., Published: Oct. 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: openresty model: openresty
vendor: cisco model: cisco routers
vendor: cisco model: cisco ios
vendor: cisco model: routers
db: NVD ids: CVE-2023-20198

Cisco's Ticking Time Bomb: CVE-2023-20198 with CVSS Score 10 Hits Cisco Devices

Trust: 3.75

Fetched: Oct. 17, 2023, 9:31 a.m., Published: Oct. 16, 2023, 10:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Buffer Overflow Attacks Explained (with Examples)

Trust: 3.5

Fetched: Oct. 17, 2023, 9:30 a.m., Published: Aug. 24, 2020, 1:38 p.m.
 Vulnerabilities: buffer overrun, buffer overflow, code execution...
Affected productsExternal IDs

Weekly Vulnerability Recap - Oct 9, 2023 - 6 Major Zero-Days

Related entries in the VARIoT vulnerabilities database: VAR-202312-0888

Trust: 5.25

Fetched: Oct. 17, 2023, 9:29 a.m., Published: Oct. 9, 2023, 7:46 p.m.
 Vulnerabilities: memory corruption, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad
vendor: google model: chrome
vendor: google model: android
vendor: cisco model: emergency responder
vendor: cisco model: cisco emergency responder
db: NVD ids: CVE-2022-1471, CVE-2023-33200, CVE-2023-42119, CVE-2023-42793, CVE-2023-33063, CVE-2022-22071, CVE-2023-42118, CVE-2023-43654, CVE-2023-5217, CVE-2023-24855, CVE-2023-28540, CVE-2023-34970, CVE-2023-33028, CVE-2023-42116, CVE-2023-42115, CVE-2023-33106, CVE-2023-42114, CVE-2023-4863, CVE-2023-22515, CVE-2023-4911, CVE-2023-42824, CVE-2023-4211, CVE-2023-33107, CVE-2023-42117

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.25

Fetched: Oct. 17, 2023, 9:28 a.m., Published: Oct. 16, 2023, 3:05 p.m.
 Vulnerabilities: arbitrary command execution, user interface vulnerability, command execution
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2021-1435, CVE-2023-20198

Cisco warns customers of actively exploited critical vulnerability in IOS XE devices - SiliconANGLE

Trust: 3.75

Fetched: Oct. 17, 2023, 9:27 a.m., Published: Oct. 16, 2023, 10:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: router
vendor: cisco systems model: routers
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xe
vendor: cisco systems model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773, VAR-202309-2754

Trust: 5.5

Fetched: Oct. 17, 2023, 9:26 a.m., Published: Oct. 16, 2023, 8:44 p.m.
 Vulnerabilities: privilege escalation, arbitrary command execution, command execution...
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
db: NVD ids: CVE-2021-1435, CVE-2023-20231, CVE-2023-20198

Cisco Releases Security Advisory for IOS XE Software Web UI | CISA

Trust: 3.75

Fetched: Oct. 17, 2023, 9:25 a.m., Published: Oct. 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198

Cisco IOS XE Vulnerability: Here’s What To Know | CRN

Trust: 4.75

Fetched: Oct. 17, 2023, 9:25 a.m., Published: Oct. 16, 2023, 2:52 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: wireless lan controller
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198

Actively exploited Cisco 0-day with maximum 10 severity gives full network control | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.25

Fetched: Oct. 17, 2023, 9:24 a.m., Published: Oct. 16, 2023, 8:31 p.m.
 Vulnerabilities: arbitrary command execution, command execution
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: wireless lan controller
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2021-1435, CVE-2023-20198

Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED

Trust: 4.75

Fetched: Oct. 17, 2023, 9:22 a.m., Published: Dec. 8, 2020, 5:01 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs