Sign-up

VARIoT news about IoT security

Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

Trust: 5.0

Fetched: Aug. 20, 2023, 9:23 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: expressway
vendor: cisco model: cisco expressway
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco telepresence video communication server
vendor: cisco model: telepresence
vendor: cisco model: telepresence video communication server
vendor: cisco model: expressway series
vendor: cisco model: series

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Trust: 3.25

Fetched: Aug. 20, 2023, 9:23 a.m., Published: Aug. 19, 2023, 7:38 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36847, CVE-2023-36844, CVE-2023-36845, CVE-2023-36846

Hackers exploiting RCE vulnerability in NetScaler, Gateway devices to implant webshells, CISA warns - Industrial Cyber

Trust: 5.5

Fetched: Aug. 20, 2023, 9:22 a.m., Published: July 21, 2023, 12:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2023-3519

Armis and Honeywell jointly disclose “Crit.IX” | Armis

Trust: 3.5

Fetched: Aug. 20, 2023, 9:21 a.m., Published: July 14, 2023, 6:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: honeywell model: experion process knowledge system
vendor: honeywell model: experion

AXIS A1001 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202307-2464

Trust: 5.75

Fetched: Aug. 20, 2023, 9:21 a.m., Published: March 7, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: axis communications model: axis a1001
vendor: axis communications model: communications
vendor: axis communications model: a1001
vendor: axis model: axis a1001
vendor: axis model: communications
vendor: axis model: a1001
db: NVD ids: CVE-2023-21406

Ivanti patches zero-day vulnerability in its Endpoint Manager Mobile software

Trust: 4.25

Fetched: Aug. 20, 2023, 9:20 a.m., Published: July 25, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2020-1550, CVE-2023-35078

CVE-2023-35082 - Vulnerability affecting EPMM and MobileIron Core | Ivanti

Trust: 3.0

Fetched: Aug. 20, 2023, 9:20 a.m., Published: Aug. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35082

Get vulnerability by ID | Microsoft Learn

Trust: 3.0

Fetched: Aug. 20, 2023, 9:18 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2019-0608

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

Trust: 4.5

Fetched: Aug. 20, 2023, 9:18 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: cross-site request forgery, request forgery
Affected productsExternal IDs
vendor: cisco model: 8831
vendor: cisco model: ip phone
vendor: cisco model: ip conference phone
vendor: cisco model: series

Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS | Microsoft Security Blog

Trust: 5.25

Fetched: Aug. 20, 2023, 9:17 a.m., Published: Aug. 11, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, replay attack...
Affected productsExternal IDs
vendor: wago model: wago pfc200
vendor: wago model: pfc200
vendor: codesys model: runtime
vendor: codesys model: control
vendor: codesys model: codesys
db: NVD ids: CVE-2019-9013

Citrix zero-day vulnerability under attack - Security - iTnews

Trust: 5.75

Fetched: Aug. 20, 2023, 9:17 a.m., Published: Aug. 7, 2023, midnight
 Vulnerabilities: code execution, privilege escalation, cross-site scripting
Affected productsExternal IDs
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-3467, CVE-2023-3519, CVE-2023-3466

DSA-2022-143: Dell Wyse Management Suite Security Update for Multiple Vulnerabilities. | Dell Polska

Related entries in the VARIoT vulnerabilities database: VAR-202206-1979, VAR-202206-2069

Trust: 5.5

Fetched: Aug. 20, 2023, 9:16 a.m., Published: March 6, 2001, midnight
 Vulnerabilities: path traversal, information disclosure, request forgery...
Affected productsExternal IDs
vendor: jquery model: jquery
db: NVD ids: CVE-2022-29097, CVE-2022-29096, CVE-2021-41184

Apple MDM Solutions: MDM for Mac, iPhone, iPad | Kandji

Trust: 3.0

Fetched: Aug. 20, 2023, 9:16 a.m., Published: Aug. 20, 2023, 2 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability

Trust: 3.25

Fetched: Aug. 20, 2023, 9:16 a.m., Published: Aug. 3, 2023, 2:03 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: email security appliance

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Trust: 3.25

Fetched: Aug. 20, 2023, 9:15 a.m., Published: Aug. 17, 2023, 9:54 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Cisco Umbrella Virtual Appliance Undocumented Support Tunnel Vulnerability

Trust: 3.0

Fetched: Aug. 20, 2023, 9:15 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco umbrella virtual appliance
vendor: cisco model: umbrella virtual appliance
vendor: cisco model: umbrella

Vulnerability in QVPN Device Client for Windows - Security Advisory | QNAP

Trust: 3.25

Fetched: Aug. 20, 2023, 9:14 a.m., Published: May 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27595

Lenovo UDC Vulnerability - Lenovo Support US

Trust: 5.75

Fetched: Aug. 20, 2023, 9:14 a.m., Published: -
 Vulnerabilities: search path vulnerability, privilege escalation, uncontrolled search path
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-3078

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Trust: 4.25

Fetched: Aug. 18, 2023, 9:13 a.m., Published: Aug. 17, 2023, 10 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability

Trust: 4.75

Fetched: Aug. 18, 2023, 9:13 a.m., Published: Aug. 16, 2023, 3:59 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav