VARIoT latest news about IoT security

Conti Ransomware Hitting VMware vCenter With Log4j Exploit Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.25 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, 2:02 p.m.	Vulnerabilities: code execution, privilege elevation

Affected products

External IDs

vendor:	trend	model:	security
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2021-44228

Software flaws in walk-through metal detectors made them hackable Trust: 3.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 22, 2021, 6:18 p.m.	Vulnerabilities: directory traversal, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2021-21905, CVE-2021-21904, CVE-2021-21901, CVE-2021-21909, CVE-2021-21907, CVE-2021-21908, CVE-2021-21906, CVE-2021-21903, CVE-2021-21902

Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product Trust: 4.25 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

huawei

model:

huawei

Tracking Device Made by Apple Showing Up in Suspected Crimes - NBC10 Philadelphia Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 23, 2021, 5:26 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

CVE - CVE-2021-43083 Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43083

Log4Shell vulnerability assessment and potential product impact statement \| Spacelabs Healthcare Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 14, 2021, 12:13 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

New Log4j flaw: 5 reasons why organizations should worry now - ManageEngine Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 4:59 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Latest Vendavo Response to Log4Shell Vulnerability - Vendavo Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 19, 2021, 10:15 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228, CVE-2021-45046

Microsoft details macOS vulnerability that allowed protected data access \| AppleInsider Trust: 3.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	icloud

Important Update on Critical Log4j Vulnerability - CVE-2021-44228 \| Arctic Wolf Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566, VAR-202112-2011 Trust: 4.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 29, 2021, 2:20 p.m.	Vulnerabilities: code execution, input validation vulnerability

Affected products

External IDs

vendor:

serve

model:

serve

db:

NVD

ids:

CVE-2021-45046, CVE-2021-44228, CVE-2021-44832

Knowledge Base - Is there any impact for Barco Products on the Log4Shell vulnerability? (CVE-2021-44228) - KB12495 - Barco Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:

barco

model:

clickshare

db:

NVD

ids:

CVE-2021-44228

Warning Log4j attackers are switching tactics to make money as experts say it could affect millions of devices for YEARS Trust: 3.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, 3:41 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	printer
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung

Is the Ring Doorbell susceptible to the Log4j vulnerability? - Products / Video Doorbells - Ring Community Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 2, 2022, 2:23 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	ring	model:	video doorbells
vendor:	ring	model:	ring

Update your PC to patch 6 zero-day flaws, 90 vulnerabilities Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: -	Vulnerabilities: code execution, cross-site scripting

Affected products	External IDs

Cyber Week in Review: December 17, 2021 \| Council on Foreign Relations Trust: 3.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

Are Endpoints at Risk for Log4Shell Attacks Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 18, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Microsoft Windows Codecs Library RCE (January 2022) Trust: 4.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-21917

5 Critical Code Vulnerabilities To Avoid At All Cost Trust: 3.5 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 10:32 a.m.	Vulnerabilities: default password, password guessing, cross-site scripting...

Affected products

External IDs

vendor:

serve

model:

serve

ESB-2021.4004.7 Related entries in the VARIoT vulnerabilities database: VAR-202109-1803, VAR-202109-1805, VAR-202109-1804, VAR-202109-1802 Trust: 5.75 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 21, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	cisco prime collaboration assurance
vendor:	cisco systems	model:	fxos
vendor:	cisco systems	model:	prime network
vendor:	cisco systems	model:	hosted collaboration mediation fulfillment
vendor:	cisco systems	model:	video surveillance media server
vendor:	cisco systems	model:	cisco telepresence
vendor:	cisco systems	model:	cisco policy suite
vendor:	cisco systems	model:	firepower management center
vendor:	cisco systems	model:	wide area application services
vendor:	cisco systems	model:	security manager
vendor:	cisco systems	model:	unified communications manager session management edition
vendor:	cisco systems	model:	cisco prime network services controller
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	unified communications manager im & presence service
vendor:	cisco systems	model:	cisco prime optical
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco expressway
vendor:	cisco systems	model:	cisco ucs manager
vendor:	cisco systems	model:	ucs director
vendor:	cisco systems	model:	ucs central software
vendor:	cisco systems	model:	unified communications
vendor:	cisco systems	model:	virtual security gateway
vendor:	cisco systems	model:	cloud services platform
vendor:	cisco systems	model:	firepower
vendor:	cisco systems	model:	cisco prime infrastructure
vendor:	cisco systems	model:	unified communications domain manager
vendor:	cisco systems	model:	prime collaboration
vendor:	cisco systems	model:	policy suite
vendor:	cisco systems	model:	prime collaboration provisioning
vendor:	cisco systems	model:	cisco security manager
vendor:	cisco systems	model:	prime infrastructure
vendor:	cisco systems	model:	cisco cloud services platform 2100
vendor:	cisco systems	model:	prime network services controller
vendor:	cisco systems	model:	unified communications manager
vendor:	cisco systems	model:	cisco firepower management center
vendor:	cisco systems	model:	expressway
vendor:	cisco systems	model:	cisco socialminer
vendor:	cisco systems	model:	nexus
vendor:	cisco systems	model:	cisco virtual topology system
vendor:	cisco systems	model:	cisco prime collaboration provisioning
vendor:	cisco systems	model:	cisco ucs director
vendor:	cisco systems	model:	virtual topology system
vendor:	cisco systems	model:	ucs manager
vendor:	cisco systems	model:	dna center
vendor:	cisco systems	model:	cisco unified communications domain manager
vendor:	cisco systems	model:	smart net total care
vendor:	cisco systems	model:	cisco prime collaboration
vendor:	cisco systems	model:	telepresence
vendor:	cisco systems	model:	cisco prime network
vendor:	cisco systems	model:	expressway series
vendor:	cisco systems	model:	prime collaboration assurance
vendor:	cisco systems	model:	cisco unified communications manager
vendor:	cisco systems	model:	cloud services platform 2100
vendor:	cisco systems	model:	socialminer
vendor:	cisco systems	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco systems	model:	prime optical
vendor:	cisco systems	model:	firepower threat defense
vendor:	cisco	model:	cisco prime collaboration assurance
vendor:	cisco	model:	fxos
vendor:	cisco	model:	prime network
vendor:	cisco	model:	hosted collaboration mediation fulfillment
vendor:	cisco	model:	video surveillance media server
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	wide area application services
vendor:	cisco	model:	security manager
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco prime network services controller
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	cisco prime optical
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	cisco ucs manager
vendor:	cisco	model:	ucs director
vendor:	cisco	model:	ucs central software
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	virtual security gateway
vendor:	cisco	model:	cloud services platform
vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	unified communications domain manager
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	prime collaboration provisioning
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco cloud services platform 2100
vendor:	cisco	model:	prime network services controller
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco socialminer
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco virtual topology system
vendor:	cisco	model:	cisco prime collaboration provisioning
vendor:	cisco	model:	cisco ucs director
vendor:	cisco	model:	virtual topology system
vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco unified communications domain manager
vendor:	cisco	model:	smart net total care
vendor:	cisco	model:	cisco prime collaboration
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco prime network
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	prime collaboration assurance
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cloud services platform 2100
vendor:	cisco	model:	socialminer
vendor:	cisco	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco	model:	prime optical
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-39275, CVE-2021-34798, CVE-2021-36160, CVE-2021-40438, CVE-2021-33193

Researchers Find Four Security Flaws Affecting Microsoft Teams Trust: 5.0 Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 23, 2021, 11:28 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

node.js

model:

node.js

VARIoT news about IoT security