Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping
via "Threat Post".
Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.
Out With the Old Perimeter, in With the New Perimeters
via "Dark Reading".
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
CVE-2020-26079
via "National Vulnerability Database".
A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.
CVE-2020-28362
via "National Vulnerability Database".
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVE-2020-26076
via "National Vulnerability Database".
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.
CVE-2020-26097
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-26075
via "National Vulnerability Database".
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.
CVE-2020-28366
via "National Vulnerability Database".
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
CVE-2020-26068
via "National Vulnerability Database".
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.
CVE-2020-26080
via "National Vulnerability Database".
A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.
CVE-2020-26078
via "National Vulnerability Database".
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.
CVE-2020-3392
via "National Vulnerability Database".
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.
CVE-2020-4592
via "National Vulnerability Database".
IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration, to cause a data corruption attack due to an error when using segmented messages.
CVE-2020-26081
via "National Vulnerability Database".
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.
CVE-2020-26554
via "National Vulnerability Database".
REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.
CVE-2020-28091
via "National Vulnerability Database".
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter in search.php.
CVE-2020-26072
via "National Vulnerability Database".
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.
CVE-2020-26077
via "National Vulnerability Database".
A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.
CVE-2020-26933
via "National Vulnerability Database".
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
CVE-2020-27126
via "National Vulnerability Database".
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.
CVE-2020-28367
via "National Vulnerability Database".
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.