VARIoT latest news about IoT security

Knowledge Article View - Thales Customer Support Related entries in the VARIoT vulnerabilities database: VAR-201404-0008, VAR-200310-0080, VAR-201409-1156, VAR-201507-0348, VAR-201808-0959, VAR-201412-0271, VAR-202112-0562, VAR-201405-0244, VAR-201410-1418, VAR-201406-0137, VAR-201801-0826, VAR-201602-0004, VAR-201601-0029, VAR-201605-0077, VAR-201406-0117, VAR-201411-0154, VAR-202203-1506, VAR-200310-0072, VAR-201504-0247, VAR-202302-0482, VAR-201605-0078, VAR-201406-0142, VAR-202112-0566, VAR-201501-0338, VAR-201805-0963, VAR-201808-0958, VAR-201406-0445, VAR-201801-1711, VAR-202302-0195, VAR-201808-0957, VAR-201501-0737, VAR-201710-0668, VAR-201801-1712 Trust: 4.25 Fetched: Dec. 6, 2023, 9:31 a.m., Published: -	Vulnerabilities: code execution, security feature bypass, feature bypass...

Affected products

External IDs

vendor:	gemalto	model:	idprime.net
vendor:	gemalto	model:	sentinel ldk
vendor:	gemalto	model:	sentinel ldk rte
vendor:	sentinel	model:	ldk rte
vendor:	node.js	model:	node.js
vendor:	infineon	model:	rsa library

db:

NVD

ids:

CVE-2010-5298, CVE-2017-0147, CVE-2023-38546, CVE-2021-3011, CVE-2003-0681, CVE-2017-0146, CVE-2014-6271, CVE-2016-0800, CVE-2016-0703, CVE-2015-1793, CVE-2022-3602, CVE-2015-5464, CVE-2018-3615, CVE-2015-7967, CVE-2015-7961, CVE-2008-4250, CVE-2023-29017, CVE-2022-22963, CVE-2014-8730, CVE-2021-45046, CVE-2022-4203, CVE-2014-0198, CVE-2014-3566, CVE-2014-0195, CVE-2017-5715, CVE-2015-7547, CVE-2023-38545, CVE-2018-7183, CVE-2023-0401, CVE-2016-0777, CVE-2016-2107, CVE-2014-3470, CVE-2014-6324, CVE-2022-22965, CVE-2003-0694, CVE-2015-2808, CVE-2022-4304, CVE-2016-2108, CVE-2014-0221, CVE-2021-44228, CVE-2015-0204, CVE-2023-0216, CVE-2017-3622, CVE-2018-3639, CVE-2015-7596, CVE-2018-3620, CVE-2022-22950, CVE-2023-0217, CVE-2017-11427, CVE-2022-3706, CVE-2021-4034, CVE-2017-3623, CVE-2023-0286, CVE-2015-7598, CVE-2014-0224, CVE-2017-5754, CVE-2022-4450, CVE-2023-0215, CVE-2018-8340, CVE-2009-3103, CVE-2018-3646, CVE-2015-0235, CVE-2015-0291, CVE-2017-15361, CVE-2017-5753

Weekly Vulnerability Recap - October 2, 2023 - Cloudflare DDoS Exploit Related entries in the VARIoT vulnerabilities database: VAR-202309-2742 Trust: 5.5 Fetched: Dec. 6, 2023, 9:30 a.m., Published: Oct. 2, 2023, 8:44 p.m.	Vulnerabilities: cross-site request forgery, directory traversal, command injection...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	xiaomi	model:	redmi
vendor:	motorola	model:	motorola
vendor:	cisco	model:	wan manager
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile phones
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2023-42115, CVE-2023-5217, CVE-2023-20252, CVE-2023-40044, CVE-2023-24955, CVE-2023-29357

About the security content of iOS 16.7.2 and iPadOS 16.7.2 - Apple Support Trust: 5.25 Fetched: Dec. 6, 2023, 9:30 a.m., Published: July 16, 2002, midnight	Vulnerabilities: code execution, user interface issue

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	safari
vendor:	apple	model:	mdnsresponder
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-40449, CVE-2023-32359, CVE-2023-41983, CVE-2023-42846, CVE-2023-42849, CVE-2023-40408, CVE-2023-40446, CVE-2023-41977, CVE-2023-40423, CVE-2023-41254, CVE-2023-42852, CVE-2023-40447, CVE-2023-40413, CVE-2023-41976, CVE-2023-40416, CVE-2023-41997, CVE-2023-42841, CVE-2023-41982

Apple issues emergency patches for 3 zero-day bugs \| TechTarget Trust: 3.75 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Sept. 22, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-41992, CVE-2023-41991, CVE-2023-41061, CVE-2023-41993, CVE-2023-41064

Cisco IOS XE zero-day facing mass exploitation \| TechTarget Trust: 3.75 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco Discloses ‘Critical’ Zero-Day Vulnerability In IOS XE \| CRN Trust: 6.25 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Oct. 16, 2023, 12:33 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

cisco

model:

ios xe

db:

NVD

ids:

CVE-2023-20198

Android Security Update: Android users, Google wants you to download this security update right away Trust: 3.0 Fetched: Dec. 6, 2023, 9:28 a.m., Published: Dec. 5, 2023, 3:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

All About Common Vulnerabilities and Exposures (CVEs) Trust: 3.5 Fetched: Dec. 6, 2023, 9:27 a.m., Published: Oct. 5, 2023, 10:18 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2023-4863, CVE-2023-4077, CVE-2021-44189

Android Security Paper 2023: An update on mobile protections Trust: 3.0 Fetched: Dec. 6, 2023, 9:27 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

What to Know about Cisco Duo Windows App Vulnerability \| Community Trust: 4.75 Fetched: Dec. 6, 2023, 9:26 a.m., Published: Dec. 3, 2023, midnight	Vulnerabilities: directory traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20229

All You Need to Know About Android App Vulnerability: Improper Platform Usage - Astra Security Blog Trust: 3.75 Fetched: Dec. 6, 2023, 9:25 a.m., Published: Sept. 26, 2023, 1:35 p.m.	Vulnerabilities: cross-site scripting

Affected products	External IDs

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202108-1914, VAR-202112-0566 Trust: 5.25 Fetched: Dec. 6, 2023, 9:22 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: code execution, credential disclosure, password disclosure...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	essential	model:	phone

db:

NVD

ids:

CVE-2019-18935, CVE-2021-36942, CVE-2022-24682, CVE-2021-44228, CVE-2022-37042, CVE-2022-27925, CVE-2022-30333, CVE-2022-27924

What Measure Should Be Taken To Secure IoT Devices? \| Robots.net Trust: 3.75 Fetched: Dec. 6, 2023, 9:19 a.m., Published: Sept. 16, 2023, 12:01 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Hello Authentication Vulnerabilities Discovered: Stay Safe Trust: 3.75 Fetched: Dec. 6, 2023, 9:19 a.m., Published: Dec. 1, 2023, 1:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

lenovo

model:

thinkpad

db:

NVD

ids:

CVE-2021-34466

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967 Trust: 4.0 Fetched: Dec. 6, 2023, 9:18 a.m., Published: Oct. 10, 2023, 12:07 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2023-4967, CVE-2023-4966

Electronics \| Free Full-Text \| Detection of Vulnerabilities in Smart Buildings Using the Shodan Tool Related entries in the VARIoT vulnerabilities database: VAR-201706-1000 Trust: 5.0 Fetched: Dec. 6, 2023, 9:16 a.m., Published: Jan. 6, 2023, midnight	Vulnerabilities: code execution, default password, brute force attack...

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	tp-link	model:	gateway
vendor:	tp-link	model:	wr841n
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	d-link	model:	router
vendor:	d-link	model:	d-link dcs-2121
vendor:	d-link	model:	dcs-2121
vendor:	trend	model:	security
vendor:	ecobee	model:	smart thermostat
vendor:	rapid	model:	scada
vendor:	essential	model:	phone
vendor:	siemens	model:	ip camera
vendor:	belkin	model:	router
vendor:	belkin	model:	wemo switch

db:

NVD

ids:

CVE-2017-15906, CVE-2017-7679, CVE-2018-1312, CVE-2019-0220, CVE-2018-15919, CVE-2019-0211, CVE-2018-17199

Citrix Bleed and Monitoring Network Devices - Eclypsium \| Supply Chain Security for the Modern Enterprise Trust: 4.5 Fetched: Dec. 6, 2023, 9:14 a.m., Published: Dec. 5, 2023, 4 p.m.	Vulnerabilities: memory corruption, command injection, default credentials

Affected products

External IDs

vendor:	citrix	model:	netscaler
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2023-4966

Android 14 Security Release Notes \| Android Open Source Project Trust: 4.75 Fetched: Dec. 6, 2023, 9:13 a.m., Published: Dec. 14, 2023, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-21385, CVE-2023-21312, CVE-2023-21369, CVE-2023-21346, CVE-2023-21358, CVE-2023-21310, CVE-2023-21330, CVE-2023-21376, CVE-2023-21397, CVE-2022-27404, CVE-2023-21347, CVE-2023-21301, CVE-2023-21303, CVE-2023-21320, CVE-2023-21326, CVE-2023-21352, CVE-2022-20531, CVE-2023-21306, CVE-2023-21364, CVE-2023-21331, CVE-2023-21370, CVE-2023-21328, CVE-2023-21383, CVE-2023-21386, CVE-2023-21296, CVE-2023-21305, CVE-2023-21323, CVE-2023-21335, CVE-2023-21311, CVE-2023-21334, CVE-2023-21338, CVE-2023-21342, CVE-2023-21343, CVE-2023-21294, CVE-2023-21390, CVE-2023-21293, CVE-2023-21319, CVE-2023-21344, CVE-2023-21391, CVE-2023-21374, CVE-2023-21388, CVE-2023-21380, CVE-2023-21375, CVE-2023-21336, CVE-2023-21393, CVE-2023-21396, CVE-2022-20264, CVE-2023-21318, CVE-2023-21314, CVE-2023-21356, CVE-2023-21333, CVE-2023-21357, CVE-2023-21316, CVE-2023-21329, CVE-2023-21321, CVE-2023-21360, CVE-2023-40101, CVE-2023-21309, CVE-2023-21362, CVE-2023-21373, CVE-2023-21337, CVE-2023-21384, CVE-2023-21395, CVE-2023-21351, CVE-2023-21325, CVE-2023-21348, CVE-2022-29824, CVE-2023-21315, CVE-2023-21340, CVE-2023-21355, CVE-2023-21372, CVE-2023-21317, CVE-2023-21300, CVE-2023-21350, CVE-2023-21389, CVE-2023-21377, CVE-2023-21302, CVE-2023-21387, CVE-2023-21367, CVE-2023-21339, CVE-2023-21371, CVE-2023-21392, CVE-2023-21379, CVE-2023-21327, CVE-2023-21349, CVE-2023-21313, CVE-2023-21297, CVE-2023-21398, CVE-2023-21394, CVE-2023-21308, CVE-2023-35678, CVE-2023-21345, CVE-2023-21307, CVE-2023-21324, CVE-2023-21381, CVE-2023-21366, CVE-2023-21299, CVE-2023-21354, CVE-2023-45780, CVE-2023-21365, CVE-2023-21332, CVE-2023-21361, CVE-2023-21304, CVE-2023-21368, CVE-2021-39810, CVE-2023-21378, CVE-2023-21295, CVE-2023-21353, CVE-2023-21359, CVE-2023-21382, CVE-2023-21341, CVE-2023-21298

SSA-292063 Trust: 5.5 Fetched: Dec. 5, 2023, 9:30 a.m., Published: June 22, 2003, midnight	Vulnerabilities: sql injection, denial of service

Affected products

External IDs

vendor:	nozomi	model:	networks guardian
vendor:	nozomi	model:	guardian

db:

NVD

ids:

CVE-2023-29245, CVE-2023-2567, CVE-2023-32649

Exploited Vulnerabilities Can Take Months to Make KEV List Trust: 4.75 Fetched: Dec. 5, 2023, 9:27 a.m., Published: Dec. 5, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-27532

VARIoT news about IoT security