VARIoT latest news about IoT security

Log4Shell / Apache Log4j Injection Vulnerability CVE-2021-44228: Impact and Response - Truesec Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 3.5 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 10, 2021, midnight	Vulnerabilities: code execution, request forgery, injection attack

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

The Apache Log4j vulnerability: What you need to know \| RBRO Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.25 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

CVE-2021-44228 Apache Log4j vulnerability \| Platform.sh Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 4.5 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 13, 2021, midnight	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228, CVE-2021-45046

What is Remote Code Execution (RCE)? - Check Point Software Trust: 4.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 22, 2021, 2:38 p.m.	Vulnerabilities: denial of service, code execution, injection attack...

Affected products

External IDs

vendor:

check point

model:

check point

Ordr Response to Log4j Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 16, 2021, 6:26 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

NVD - CVE-2021-37036 Related entries in the VARIoT vulnerabilities database: VAR-202111-1436 Trust: 5.5 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: information leak, information leakage

Affected products

External IDs

vendor:	huawei	model:	ecns280_td_firmware
vendor:	huawei	model:	v100r005c00
vendor:	huawei	model:	huawei
vendor:	huawei	model:	fusioncompute

db:

NVD

ids:

CVE-2021-37036

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability - Cisco Trust: 4.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Oct. 27, 2021, 2:29 p.m.	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower
vendor:	cisco	model:	asa software
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	cisco adaptive security appliance software

Critical Apache Log4j Vulnerability Updates \| FortiGuard Labs Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-201803-1048, VAR-202112-0562 Trust: 4.25 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 21, 2021, 8 a.m.	Vulnerabilities: denial of service, information leak, code execution

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	huawei	model:	huawei
vendor:	huawei	model:	hg532

db:

NVD

ids:

CVE-2021-26084, CVE-2021-45105, CVE-2021-44228, CVE-2017-17215, CVE-2021-4104, CVE-2021-45046

High Severity Security Flaw in Intel CPUs Allows Attackers to Access Encryption Keys and Bypass TPM, BitLocker, and DRM - CPO Magazine Trust: 4.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 3, 2021, 5:49 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0146

SAM Name impersonation - Microsoft Tech Community Related entries in the VARIoT vulnerabilities database: VAR-202111-0660 Trust: 3.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 20, 2021, 4:31 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42278, CVE-2021-42287

Vulnerabilities Can Allow Hackers to Tamper With Walk-Through Metal Detectors \| SecurityWeek.Com Trust: 4.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Jan. 17, 2022, midnight	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

cisco

model:

router

Security warning: New zero-day in the Log4j Java library is already being exploited \| ZDNet Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.25 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 10, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

INTEL-SA-00646 Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562 Trust: 5.25 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Jan. 12, 2022, 6:26 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228, CVE-2021-45046

Security Notice: NVIDIA Response to Log4j Vulnerabilities - December 2021 \| NVIDIA Related entries in the VARIoT vulnerabilities database: VAR-202112-1782 Trust: 3.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 16, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2021-45105

Log4j vulnerability Protection for Endpoints - Check Point Software Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 23, 2021, 10:48 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

check point

model:

check point

db:

NVD

ids:

CVE-2021-44228

Vulnerabilities identified in the Abode IOTA security system: Fake image injection into timeline Trust: 5.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: command injection

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	router

db:

NVD

ids:

CVE-2020-8105

CVE-2021-45105: New DoS Vulnerability Found in Apache Log4j - Netskope Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 4.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: denial of service, process crash, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228 Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2021-44228

Instagram Trust: 3.5 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Document - Notice: (Revision) Apache Software Log4j - Security Vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105, CVE-2021-44832) \| HPE Support Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562 Trust: 4.75 Fetched: Dec. 30, 2021, 11:51 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	aruba	model:	clearpass policy manager
vendor:	aruba	model:	arubaos
vendor:	aruba	model:	cx switches
vendor:	aruba	model:	clearpass
vendor:	aruba	model:	aruba instant
vendor:	aruba	model:	instant
vendor:	brocade	model:	fibre channel san

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-4104, CVE-2021-44832, CVE-2021-45046

VARIoT news about IoT security