VARIoT latest news about IoT security

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272 Trust: 5.0 Fetched: Feb. 4, 2024, 10:21 a.m., Published: Jan. 11, 2024, 6:08 a.m.	Vulnerabilities: improper validation

Affected products

External IDs

vendor:	cisco	model:	unity
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	unity connection

db:

NVD

ids:

CVE-2024-20272

Arris SURFboard SBG6950AC2 Arbitrary Command Execution Vulnerability - Exodus Intelligence Trust: 3.75 Fetched: Feb. 4, 2024, 10:21 a.m., Published: Jan. 25, 2024, 11:34 p.m.	Vulnerabilities: code execution, arbitrary command execution, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-23618

IoT Security : Challenges And Solutions - ITU Online Trust: 3.25 Fetched: Feb. 4, 2024, 10:19 a.m., Published: Jan. 14, 2024, 4:32 p.m.	Vulnerabilities: denial of service, default credentials, device impersonation

Affected products	External IDs

What Are the Most Popular Blinds for 2022? - ByRetreat Trust: 3.5 Fetched: Feb. 4, 2024, 10:17 a.m., Published: Jan. 29, 2024, 2:05 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

Juniper Fixes Junos OS Critical RCE Vulnerability In Its SRX And EX Devices \| Daily Security Review Trust: 3.25 Fetched: Feb. 4, 2024, 10:15 a.m., Published: Jan. 16, 2024, 10:43 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36847, CVE-2023-36845, CVE-2024-21591, CVE-2023-36846, CVE-2023-36844

An Introduction to IoT Penetration Testing - Security Boulevard Trust: 3.75 Fetched: Feb. 4, 2024, 10:14 a.m., Published: Jan. 29, 2024, 10:38 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Critical Security Vulnerabilities Identified in ConnectWise ScreenConnect by Gotham Security Researchers - IT Security Guru Trust: 3.0 Fetched: Feb. 4, 2024, 10:14 a.m., Published: Jan. 11, 2024, 2:43 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-47257, CVE-2023-47256

Apple's new Stolen Device Protection has a big vulnerability. Here's how to fix it - News Headlines Trust: 3.25 Fetched: Feb. 4, 2024, 10:13 a.m., Published: Jan. 30, 2024, 4 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Federal Agency Issues Security Warning for Apple Devices, Gives Three Weeks to Comply \| The Epoch Times Trust: 4.75 Fetched: Feb. 4, 2024, 10:05 a.m., Published: Aug. 28, 2016, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2022-48618, CVE-2024-23222

Oracle Linux 9 : grub2 (ELSA-2024-0468) - vulnerability database \| Vulners.com Trust: 3.75 Fetched: Feb. 4, 2024, 10:04 a.m., Published: Jan. 30, 2024, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-4001

Update your Apple devices, because the latest releases patched a major security flaw - iOS Discussions on AppleInsider Forums Trust: 5.0 Fetched: Feb. 4, 2024, 10:03 a.m., Published: Jan. 24, 2024, 11:43 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	apple tv
vendor:	apple	model:	webkit
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	watch
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2024-23222

From Security Week - Kyocera Device Manager Vulnerability Exposes Enterprise Credentials - Threat Note Trust: 3.25 Fetched: Feb. 4, 2024, 9:56 a.m., Published: Jan. 10, 2024, 7:50 a.m.	Vulnerabilities: input validation flaw

Affected products	External IDs

16 Types of Cyberattacks and How to Prevent Them Trust: 4.25 Fetched: Feb. 4, 2024, 9:55 a.m., Published: Feb. 16, 2024, midnight	Vulnerabilities: cross-site scripting, sql injection, injection attack

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	check point	model:	check point

CISA Adds Six Known Exploited Vulnerabilities to Catalog \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202210-1176 Trust: 4.75 Fetched: Feb. 4, 2024, 9:55 a.m., Published: Feb. 4, 2023, midnight	Vulnerabilities: improper access control, code execution, access control vulnerability...

Affected products

External IDs

vendor:

d-link

model:

dsl-2750b

db:

NVD

ids:

CVE-2023-27524, CVE-2023-23752, CVE-2023-29300, CVE-2023-41990, CVE-2023-38203, CVE-2016-20017

Top 10 Emerging Cybersecurity Threat in 2024 (and Solutions) Trust: 3.5 Fetched: Feb. 4, 2024, 9:54 a.m., Published: Jan. 29, 2024, 5:49 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	essential	model:	phone

Apple iPhone and MacBook users are at a high risk of being hacked, Indian govt warns - India Today Trust: 3.0 Fetched: Feb. 4, 2024, 9:53 a.m., Published: Feb. 1, 2024, 6:24 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	tvos
vendor:	apple	model:	macbook
vendor:	apple	model:	icloud
vendor:	apple	model:	ipad
vendor:	apple	model:	ipod touch
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	macos

US government tells federal agencies they have 48 hours to repair Ivanti VPN tech following breaches \| TechRadar Trust: 5.0 Fetched: Feb. 4, 2024, 9:47 a.m., Published: Feb. 2, 2024, 1:04 p.m.	Vulnerabilities: authentication bypass, code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Risk Dashboard - Arctic Wolf Docs Trust: 3.0 Fetched: Feb. 4, 2024, 9:46 a.m., Published: Jan. 25, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

SonicWall firewall vulnerability impacts 178,000 devices Trust: 4.5 Fetched: Feb. 4, 2024, 9:46 a.m., Published: Jan. 16, 2024, 7:45 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

sonicwall

model:

remote access

db:

NVD

ids:

CVE-2022-22274, CVE-2023-0656

Apple and Google Just Patched Their First Zero-Day Flaws of the Year \| WIRED Trust: 5.5 Fetched: Feb. 4, 2024, 9:44 a.m., Published: Jan. 31, 2024, noon	Vulnerabilities: code execution, memory corruption, feature bypass...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	cisco	model:	unified communications

db:

NVD

ids:

CVE-2024-0808, CVE-2024-0743, CVE-2024-0755, CVE-2024-0807, CVE-2024-20677, CVE-2024-0741, CVE-2024-20253, CVE-2023-49583, CVE-2023-50422, CVE-2024-0812, CVE-2024-21737, CVE-2024-20674

VARIoT news about IoT security