VARIoT latest news about IoT security

Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale \| Tech Times Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:

check point

model:

check point

Moobot botnet exploits CVE-2021-36260 flaw in Hikvision productsSecurity Affairs Trust: 4.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 7:47 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

hikvision

model:

hikvision

db:

NVD

ids:

CVE-2021-36260

Multiple Vulnerabilities in SonicWall SMA 100 Series Could Allow for Arbitrary Code Execution \| New York State Office of Information Technology Services Trust: 4.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 8:20 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

sonicwall

model:

sma 100

Cybersecurity, multiple vulnerabilities in Android OS Trust: 3.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 5:27 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

NVD - CVE-2021-34794 Related entries in the VARIoT vulnerabilities database: VAR-202110-1375 Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	firepower_threat_defense
vendor:	cisco	model:	asa_5580_firmware
vendor:	cisco	model:	adaptive_security_appliance
vendor:	cisco	model:	asa_5545-x_firmware
vendor:	cisco	model:	asa_5580
vendor:	cisco	model:	asa_5505_firmware
vendor:	cisco	model:	asa_5555-x_firmware
vendor:	cisco	model:	asa_5585-x
vendor:	cisco	model:	asa_5525-x_firmware
vendor:	cisco	model:	asa_5585-x_firmware
vendor:	cisco	model:	asa_5505
vendor:	cisco	model:	asa_5512-x_firmware
vendor:	cisco	model:	asa_5515-x_firmware

db:

NVD

ids:

CVE-2021-34794

Unauthenticated Remote Code Execution Vulnerability \| ManageEngine Patch Connect Plus Trust: 4.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: code execution

Affected products	External IDs

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery \| Threatpost Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43880, CVE-2021-28474, CVE-2021-43905, CVE-2021-43907, CVE-2021-41379, CVE-2021-43893, CVE-2021-43899, CVE-2021-43240, cve-2021-28474, CVE-2021-43890, CVE-2021-43233, CVE-2021-41333, CVE-2021-43883, CVE-2021-43217, CVE-2021-38666, CVE-2021-24084, CVE-2021-42309, CVE-2021-43215, CVE-2021-42310

US warns hundreds of millions of devices at risk from newly revealed software vulnerability - KAKE Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

cve-2021-44228

The Log4j security flaw could impact the entire internet. Here's what you should know - CNN Trust: 3.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	check point	model:	check point

db:	NVD	ids:	cve-2021-44228
db:	USCERT	ids:	AB71-632D

CVE security vulnerability database. Security vulnerabilities, exploits, references and more Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0785, VAR-202112-0132, VAR-202112-0784, VAR-202112-0786, VAR-202112-0105, VAR-202112-0562 Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: code injection, code execution, os command injection...

Affected products

External IDs

vendor:	zoho	model:	opmanager
vendor:	zoho	model:	oputils
vendor:	zoho	model:	manageengine desktop central
vendor:	zoho	model:	manageengine opmanager
vendor:	google	model:	android

db:

NVD

ids:

CVE-2021-44557, CVE-2021-44686, CVE-2021-44680, CVE-2021-44514, CVE-2021-44228, CVE-2021-44847, CVE-2021-44556, CVE-2021-45015, CVE-2021-44948, CVE-2021-44657, CVE-2021-44480, CVE-2021-45014, CVE-2021-44966, CVE-2021-44679, CVE-2021-45043, CVE-2021-44523, CVE-2021-44513, CVE-2021-44937, CVE-2021-44942, CVE-2021-44677, CVE-2021-44518, CVE-2018-12699, CVE-2021-44682, CVE-2021-44524, CVE-2021-44522, CVE-2021-44527, CVE-2021-44681, CVE-2021-44515, CVE-2021-45046, CVE-2021-44549, CVE-2021-44512, CVE-2021-44479, CVE-2021-44529, CVE-2021-45017, CVE-2021-44450, CVE-2021-44685, CVE-2021-44725, CVE-2021-44538, CVE-2021-44833, CVE-2021-44949, CVE-2021-44726, CVE-2009-1234, CVE-2021-44655, CVE-2021-44684, CVE-2021-44848, CVE-2021-45078, CVE-2021-44965, CVE-2021-44653, CVE-2021-44935, CVE-2021-45018, CVE-2021-44449, CVE-2021-44448, CVE-2021-44678

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202112-0356, VAR-202112-0420, VAR-202111-0330, VAR-202112-0380, VAR-202112-0286, VAR-202108-0658, VAR-202112-0329, VAR-202112-0399, VAR-202108-0657, VAR-202111-0302, VAR-202111-0241, VAR-202112-0330, VAR-202112-0405, VAR-202112-0524, VAR-202111-0343, VAR-202112-0339, VAR-202109-0502, VAR-202111-0306, VAR-202111-0986, VAR-202112-0406, VAR-202111-0305, VAR-202112-0288, VAR-202111-0314, VAR-202112-0384, VAR-202112-0401, VAR-202108-0712, VAR-202112-0328, VAR-202111-0313, VAR-202112-0421, VAR-202112-0523, VAR-202112-0378, VAR-202112-0331, VAR-202112-0332, VAR-202111-0322, VAR-202111-0284, VAR-202110-0150, VAR-202110-0151, VAR-202109-0501, VAR-202112-0526, VAR-202112-0400, VAR-202112-0379, VAR-202112-0287, VAR-202112-0383, VAR-202111-0317, VAR-202112-0338, VAR-202110-0149, VAR-202112-0367, VAR-202112-0525, VAR-202112-0729, VAR-202111-0307 Trust: 5.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: code execution, os command injection, buffer overflow...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-42760, CVE-2021-41030, CVE-2021-36176, CVE-2021-36191, CVE-2021-43067, CVE-2021-32603, CVE-2021-43064, CVE-2021-43204, CVE-2021-32602, CVE-2021-42754, CVE-2021-36172, CVE-2021-41024, CVE-2021-41017, CVE-2021-43071, CVE-2021-36183, CVE-2021-36180, CVE-2021-36182, CVE-2021-36186, CVE-2021-32600, CVE-2021-36195, CVE-2021-36187, CVE-2021-41029, CVE-2021-36174, CVE-2021-41021, CVE-2021-36189, CVE-2021-36168, CVE-2021-43063, CVE-2021-36185, CVE-2021-41013, CVE-2021-36188, CVE-2021-36190, CVE-2021-41015, CVE-2021-41014, CVE-2009-1234, CVE-2021-41019, CVE-2021-36192, CVE-2021-36175, CVE-2021-36178, CVE-2021-36179, CVE-2021-36167, CVE-2021-36194, CVE-2021-41027, CVE-2021-42752, CVE-2021-41025, CVE-2021-36181, CVE-2021-42757, CVE-2021-36170, CVE-2021-43068, CVE-2021-43065, CVE-2021-42758, CVE-2021-36184

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 Related entries in the VARIoT vulnerabilities database: VAR-202109-1802 Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 9:24 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	socialminer
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	prime network services controller
vendor:	cisco	model:	series
vendor:	cisco	model:	prime network
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	virtual topology system
vendor:	cisco	model:	cisco prime collaboration
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco prime network services controller
vendor:	cisco	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco	model:	hosted collaboration mediation fulfillment
vendor:	cisco	model:	prime collaboration assurance
vendor:	cisco	model:	cisco virtual topology system
vendor:	cisco	model:	cisco unified communications domain manager
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	virtual security gateway
vendor:	cisco	model:	cisco socialminer
vendor:	cisco	model:	unified communications domain manager
vendor:	cisco	model:	cisco prime network
vendor:	cisco	model:	video surveillance media server
vendor:	cisco	model:	cisco prime collaboration assurance
vendor:	cisco	model:	unified communications manager session management edition

db:

NVD

ids:

CVE-2021-40438

CVE-2021-44515\| ManageEngine Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44515

Current Activity \| CISA Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44077

Trane Symbio (Update B) \| CISA Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38448

Forescout Research Labs concludes Project Memoria - Lessons Learned after 18 months of vulnerability research - Forescout Related entries in the VARIoT vulnerabilities database: VAR-202103-0365, VAR-202104-1830, VAR-202104-1925 Trust: 3.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 11, 2021, 12:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus net

db:

NVD

ids:

CVE-2016-20009, CVE-2021-25664, CVE-2021-25663, CVE-2020-17529, CVE-2020-17528

Why techies are losing sleep over Log4j vulnerability - The Federal Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6:12 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Microsoft Informs Users of High-Severity Vulnerability in Azure AD Trust: 3.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 18, 2021, 6:30 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42306

Hillrom Welch Allyn Cardio vulnerability poses unauthorized access risk Trust: 3.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 2:57 p.m.	Vulnerabilities: authentication bypass, authentication vulnerability

Affected products	External IDs

Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 1 p.m.	Vulnerabilities: script execution, command execution

Affected products	External IDs

VARIoT news about IoT security