Sign-up

VARIoT news about IoT security

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 3.75

Fetched: Dec. 14, 2022, 9:18 a.m., Published: Dec. 12, 2022, 10:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phones
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone
vendor: cisco model: series ip phones
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone 7800 series
vendor: cisco model: voice vlan
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 7800
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Access Denied

Trust: 3.25

Fetched: Dec. 14, 2022, 9:12 a.m., Published: Dec. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway

KB4073757-Protect Windows devices against silicon-based microarchitectural and speculative execution side-channel vulnerabilities - Microsoft Support

Related entries in the VARIoT vulnerabilities database: VAR-201806-1505

Trust: 4.75

Fetched: Dec. 14, 2022, 9:12 a.m., Published: Feb. 28, 2020, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2019-1125, CVE-2018-3665

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Dec. 14, 2022, 9:11 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Sensors | Free Full-Text | Robust Financial Fraud Alerting System Based in the Cloud Environment

Trust: 3.5

Fetched: Dec. 13, 2022, 9:20 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: denial of service, buffer overflow, sql injection
Affected productsExternal IDs
vendor: trend model: security

Nozomi throws light on security vulnerabilities found in Winbox payload protocol used to configure MikroTik devices - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 4.25

Fetched: Dec. 13, 2022, 9:16 a.m., Published: Dec. 12, 2022, 11:23 a.m.
 Vulnerabilities: brute force attack, path traversal
Affected productsExternal IDs
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros
vendor: mikrotik model: router
vendor: mikrotik model: routers
vendor: microtik model: mikrotik router
vendor: microtik model: mikrotik routers
vendor: microtik model: winbox
vendor: microtik model: routeros
vendor: microtik model: router
vendor: microtik model: routers
db: NVD ids: CVE-2018-14847

Cyber Security Asean

Trust: 3.75

Fetched: Dec. 13, 2022, 9:15 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Microsoft Edge Browser - Security Vulnerabilities in 2022

Trust: 5.25

Fetched: Dec. 13, 2022, 9:14 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: memory corruption, use after free, feature bypass...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2021-26436, CVE-2018-1022, CVE-2018-8139, CVE-2018-8133, CVE-2021-30624, CVE-2021-21157, CVE-2018-0953, CVE-2020-17153, CVE-2020-1195, CVE-2018-0955, CVE-2022-33649, CVE-2021-30617, CVE-2021-30611, CVE-2018-8123, CVE-2018-8114, CVE-2021-21141, CVE-2018-1021, CVE-2021-30610, CVE-2021-30609, CVE-2022-44708, CVE-2021-30614, CVE-2022-41115, CVE-2018-8122, CVE-2021-33741, CVE-2022-33680, CVE-2018-0943, CVE-2021-24113, CVE-2021-30607, CVE-2018-8130, CVE-2018-1025, CVE-2018-0951, CVE-2018-8358, CVE-2021-30622, CVE-2021-30613, CVE-2022-4135, CVE-2022-38012, CVE-2021-30618, CVE-2021-30615, CVE-2021-30608, CVE-2021-30621, CVE-2021-30620, CVE-2018-8388, CVE-2018-0954, CVE-2018-0945, CVE-2020-16884, CVE-2018-8137, CVE-2021-30606, CVE-2018-8177, CVE-2021-38669, CVE-2021-24100, CVE-2018-8128, CVE-2022-33636, CVE-2021-36930, CVE-2018-8178, CVE-2018-8179, CVE-2022-35796, CVE-2022-33639, CVE-2021-30616, CVE-2021-30612, CVE-2021-21140, CVE-2021-30623, CVE-2018-8383, CVE-2018-0946, CVE-2018-8145, CVE-2018-8112, CVE-2022-41035, CVE-2021-30619, CVE-2022-44688

Cisco discloses high-severity IP phone vulnerability - Techzine Europe

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057

Trust: 3.75

Fetched: Dec. 13, 2022, 9:13 a.m., Published: Dec. 12, 2022, 8:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone 7800 series
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone
db: NVD ids: CVE-2020-3452

Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters | SecurityWeek.Com

Trust: 4.25

Fetched: Dec. 13, 2022, 9:12 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2022-35829

List vulnerabilities by software | Microsoft Learn

Trust: 3.75

Fetched: Dec. 13, 2022, 9:12 a.m., Published: Oct. 19, 2022, 9:04 p.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2017-0140

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202207-0037, VAR-202207-0036

Trust: 3.75

Fetched: Dec. 13, 2022, 9:11 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: omron model: omron plc
db: NVD ids: CVE-2022-34151, CVE-2022-33208, CVE-2022-33971

Cisco discloses high-severity IP phone zero-day with exploit code

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 13, 2022, 9:10 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: voice vlan
vendor: cisco model: ip phones
vendor: cisco model: ip phone
db: NVD ids: CVE-2022-20968

Vulnerability Database

Trust: 4.0

Fetched: Dec. 13, 2022, 9:10 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-45797

The increase in vulnerabilities is the reason why device vulnerability management is important

Trust: 3.75

Fetched: Dec. 13, 2022, 9:10 a.m., Published: Dec. 11, 2022, 7:18 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Cisco reveals zero-day vulnerability in IP phones

Trust: 3.25

Fetched: Dec. 11, 2022, 9:18 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phones

Google warns that millions of Android devices could be at risk of being attacked due to this vulnerability - casinomalta

Trust: 3.75

Fetched: Dec. 11, 2022, 9:17 a.m., Published: Nov. 26, 2022, 4:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: apple model: iphone
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: mobile
vendor: samsung model: galaxy s10
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-33917

vulnerability assessments Archives - Securicon

Trust: 4.75

Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: home
vendor: google model: android

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data | SecurityWeek.Com

Trust: 5.75

Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: weak password, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-45477, CVE-2022-45481, CVE-2022-45482, CVE-2022-45479

Cisco Identity Services Engine Insufficient Access Control Vulnerability - Cisco

Trust: 3.75

Fetched: Dec. 11, 2022, 9:15 a.m., Published: Nov. 29, 2022, 6:53 a.m.
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine