Sign-up

VARIoT news about IoT security

Weekly Vulnerability Recap - Oct 9, 2023 - 6 Major Zero-Days

Related entries in the VARIoT vulnerabilities database: VAR-202312-0888

Trust: 5.25

Fetched: Oct. 17, 2023, 9:29 a.m., Published: Oct. 9, 2023, 7:46 p.m.
 Vulnerabilities: memory corruption, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad
vendor: google model: chrome
vendor: google model: android
vendor: cisco model: emergency responder
vendor: cisco model: cisco emergency responder
db: NVD ids: CVE-2022-1471, CVE-2023-33200, CVE-2023-42119, CVE-2023-42793, CVE-2023-33063, CVE-2022-22071, CVE-2023-42118, CVE-2023-43654, CVE-2023-5217, CVE-2023-24855, CVE-2023-28540, CVE-2023-34970, CVE-2023-33028, CVE-2023-42116, CVE-2023-42115, CVE-2023-33106, CVE-2023-42114, CVE-2023-4863, CVE-2023-22515, CVE-2023-4911, CVE-2023-42824, CVE-2023-4211, CVE-2023-33107, CVE-2023-42117

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.25

Fetched: Oct. 17, 2023, 9:28 a.m., Published: Oct. 16, 2023, 3:05 p.m.
 Vulnerabilities: arbitrary command execution, user interface vulnerability, command execution
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2021-1435, CVE-2023-20198

Cisco warns customers of actively exploited critical vulnerability in IOS XE devices - SiliconANGLE

Trust: 3.75

Fetched: Oct. 17, 2023, 9:27 a.m., Published: Oct. 16, 2023, 10:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: router
vendor: cisco systems model: routers
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xe
vendor: cisco systems model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773, VAR-202309-2754

Trust: 5.5

Fetched: Oct. 17, 2023, 9:26 a.m., Published: Oct. 16, 2023, 8:44 p.m.
 Vulnerabilities: privilege escalation, arbitrary command execution, command execution...
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
db: NVD ids: CVE-2021-1435, CVE-2023-20231, CVE-2023-20198

Cisco Releases Security Advisory for IOS XE Software Web UI | CISA

Trust: 3.75

Fetched: Oct. 17, 2023, 9:25 a.m., Published: Oct. 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198

Cisco IOS XE Vulnerability: Here’s What To Know | CRN

Trust: 4.75

Fetched: Oct. 17, 2023, 9:25 a.m., Published: Oct. 16, 2023, 2:52 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: wireless lan controller
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198

Actively exploited Cisco 0-day with maximum 10 severity gives full network control | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.25

Fetched: Oct. 17, 2023, 9:24 a.m., Published: Oct. 16, 2023, 8:31 p.m.
 Vulnerabilities: arbitrary command execution, command execution
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: wireless lan controller
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2021-1435, CVE-2023-20198

Critical Flaws in Millions of IoT Devices May Never Get Fixed | WIRED

Trust: 4.75

Fetched: Oct. 17, 2023, 9:22 a.m., Published: Dec. 8, 2020, 5:01 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability - Cisco

Trust: 3.75

Fetched: Oct. 17, 2023, 9:22 a.m., Published: June 29, 2023, 11:58 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: intrusion prevention system
vendor: cisco model: asdm
vendor: cisco model: firepower management center
vendor: cisco model: firepower
vendor: cisco model: security device manager
vendor: cisco model: adaptive security appliance
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security device manager
vendor: cisco model: firepower threat defense
vendor: cisco model: device manager
vendor: cisco model: asa software

Exploiting Apps vulnerable to Janus (CVE-2017-13156) | by Kal | Mobis3c | Medium

Trust: 3.75

Fetched: Oct. 17, 2023, 9:21 a.m., Published: March 26, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2017-13156

Finding Bugs in Windows Drivers, Part 1 - WDM

Trust: 4.5

Fetched: Oct. 17, 2023, 9:11 a.m., Published: May 24, 2022, midnight
 Vulnerabilities: memory corruption, privilege escalation, information leakage...
Affected productsExternal IDs
vendor: smarter model: coffee
db: NVD ids: CVE-2021-40328, CVE-2021-40332

Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices - SecurityWeek

Trust: 3.75

Fetched: Oct. 17, 2023, 9:10 a.m., Published: Dec. 15, 2020, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-25187, CVE-2020-27252, CVE-2020-25183

Which mobile device vulnerability relies on your device automatically picking up the access point with the strongest signal?

Related entries in the VARIoT vulnerabilities database: VAR-202105-1428, VAR-202105-0257, VAR-202105-1493, VAR-202105-1476, VAR-202105-1432, VAR-202105-1429, VAR-202105-1475, VAR-202105-1430, VAR-202105-1477, VAR-202105-1431

Trust: 3.75

Fetched: Oct. 17, 2023, 9:09 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-26141, CVE-2021-26139, CVE-2020-26145, CVE-2020-26143, CVE-2020-26144, CVE-2020-24586, CVE-2020-24587, CVE-2020-26140, CVE-2020-26147, CVE-2020-26139, CVE-2020-26142, CVE-2020-26146, CVE-2020-24588

Decades-Old Code Is Putting Millions of Critical Devices at Risk | WIRED

Trust: 3.0

Fetched: Oct. 17, 2023, 9:09 a.m., Published: Oct. 1, 2019, 3:12 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

This Free Tool Finds Vulnerable Devices on Your Network | Tom's Guide

Trust: 5.75

Fetched: Oct. 17, 2023, 9:08 a.m., Published: June 7, 2017, 4:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: printer
vendor: samsung model: android phone
vendor: samsung model: printers

Management Interfaces Cisco Networking Devices Vulnerable to RCE Attacks | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-201902-0427

Trust: 5.75

Fetched: Oct. 17, 2023, 9:08 a.m., Published: Feb. 27, 2019, 8:55 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: rv110w wireless-n vpn
vendor: cisco model: rv215w
vendor: cisco model: router
vendor: cisco model: rv215w wireless-n vpn router
vendor: cisco model: rv130w
vendor: cisco model: rv215w wireless-n vpn
vendor: cisco model: rv130w wireless-n multifunction vpn router
vendor: cisco model: rv110w
vendor: cisco model: rv110w wireless-n vpn firewall
db: NVD ids: CVE-2019-1663

CyberMDX Research Team Discovers Two Major Medical Device Vulnerabilities | Business Wire

Trust: 3.0

Fetched: Oct. 17, 2023, 9:07 a.m., Published: Aug. 28, 2018, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack - Help Net Security

Trust: 4.75

Fetched: Oct. 17, 2023, 9:06 a.m., Published: Dec. 9, 2020, 5:30 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
vendor: contiki-ng model: contiki-ng
vendor: contiki-ng model: contiki
vendor: contiki os model: contiki
vendor: contiki model: contiki-ng

New Attack exploiting serious Bluetooth weakness can intercept sensitive data | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-201908-1958

Trust: 4.75

Fetched: Oct. 17, 2023, 9:05 a.m., Published: Aug. 17, 2019, 1:56 p.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: motorola model: motorola
db: NVD ids: CVE-2019-9506

Security And Vulnerability Management Market Size & Forecast

Trust: 3.25

Fetched: Oct. 17, 2023, 9:04 a.m., Published: Sept. 20, 2023, 6:15 a.m.
 Vulnerabilities: sql injection, buffer overflow, denial of service
Affected productsExternal IDs
vendor: symantec model: antivirus
vendor: rising model: antivirus