‼ CVE-2022-20756 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26850 ‼
📖 Read
via "National Vulnerability Database".
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20665 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24822 ‼
📖 Read
via "National Vulnerability Database".
Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20762 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20755 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20675 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the TCP/IP stack of Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Secure Email and Web Manager, formerly Security Management Appliance, could allow an unauthenticated, remote attacker to crash the Simple Network Management Protocol (SNMP) service, resulting in a denial of service (DoS) condition. This vulnerability is due to an open port listener on TCP port 199. An attacker could exploit this vulnerability by connecting to TCP port 199. A successful exploit could allow the attacker to crash the SNMP service, resulting in a DoS condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20784 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20782 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20754 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20741 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.📖 Read
via "National Vulnerability Database".
🔏 U.S. Disrupts Russian Botnet 🔏
📖 Read
via "".
The Cyclops Blink botnet, which the U.S. has removed from vulnerable internet-connected firewall devices, been linked to the Russian hacking group Sandworm.📖 Read
via "".
Digital Guardian
U.S. Disrupts Russian Botnet
The Cyclops Blink botnet, which the U.S. has removed from vulnerable internet-connected firewall devices, been linked to the Russian hacking group Sandworm.
🕴 Eliminating Passwords: One Way Forward 🕴
📖 Read
via "Dark Reading".
Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.📖 Read
via "Dark Reading".
Dark Reading
Eliminating Passwords: One Way Forward
Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.
🕴 Nearly 40% of Macs Left Exposed to Two Zero-Day Exploits 🕴
📖 Read
via "Dark Reading".
Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.📖 Read
via "Dark Reading".
Dark Reading
Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.
‼ CVE-2022-26607 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26591 ‼
📖 Read
via "National Vulnerability Database".
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26613 ‼
📖 Read
via "National Vulnerability Database".
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26605 ‼
📖 Read
via "National Vulnerability Database".
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.📖 Read
via "National Vulnerability Database".
🕴 Zoom's Bug Bounty Programs Soar to $1.8M 🕴
📖 Read
via "Dark Reading".
Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.📖 Read
via "Dark Reading".
Dark Reading
Zoom's Bug Bounty Programs Soar to $1.8M
Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.
🕴 Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report" 🕴
📖 Read
via "Dark Reading".
Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.📖 Read
via "Dark Reading".
Dark Reading
Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"
Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.
‼ CVE-2020-22253 ‼
📖 Read
via "National Vulnerability Database".
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.📖 Read
via "National Vulnerability Database".