CVE-2023-20269 (via National Vulnerability Database)

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations, or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: identify valid credentials that could then be used to establish an unauthorized remote access VPN session; establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).

Notes: Establishing a client-based remote access VPN tunnel is not possible, as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
CVE-2023-41319 (via National Vulnerability Database)

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver Python process owner on the webserver container, which by default is `root`, and allows that access to be leveraged to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` env var are both either unset or explicitly set to `False`.
CVE-2023-39511 (via National Vulnerability Database)

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability which allows an authenticated user to poison data stored in _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges to view the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.
CVE-2023-20238 (via National Vulnerability Database)

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.
CVE-2020-10129 (via National Vulnerability Database)

SearchBlox before Version 9.2.1 is vulnerable to Privilege Escalation: a lower-privileged user is able to access Admin functionality.
CVE-2020-10131 (via National Vulnerability Database)

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in the "Featured Results" parameter.
CVE-2023-40591 (via National Vulnerability Database)

go-ethereum (geth) is a Golang execution layer implementation of the Ethereum protocol. A vulnerable node can be made to consume unbounded amounts of memory when handling specially crafted p2p messages sent from an attacker node. The fix is included in geth version `1.12.1-stable`, i.e., `1.12.2-unstable` and onwards. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Cybersecurity Builds Trust in Critical Infrastructure (via Dark Reading)

Improving an energy company's resistance to cyberattack does more than protect vital resources: it enhances trust from customers and investors.
Coding Tips to Sidestep JavaScript Vulnerabilities (via Dark Reading)

This Tech Tip focuses on best security practices to write secure JavaScript code.
CybeReady Provides Cybersecurity Awareness Month Kits As CISOs Defend Against AI Driven Attacks (via Dark Reading)

SANTA CLARA, Calif., September 6, 2023 -- CybeReady, a global leader in security awareness training, today announced new Cybersecurity Awareness Month Training Toolkits to help organizations protect against emerging security threats generated by increasingly...
CVE-2023-4772 (via National Vulnerability Database)

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-4792 (via National Vulnerability Database)

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
CVE-2023-38031 (via National Vulnerability Database)

The ASUS RT-AC86U Adaptive QoS - Web History function has insufficient filtering of special characters. A remote attacker with regular user privileges can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt the system, or terminate services.
CVE-2023-34357 (via National Vulnerability Database)

Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for Forgotten Password. The password reset link is sent out through e-mail, and the link remains valid after the password has been reset and after the expected expiration date. An attacker with access to the browser history, or who has the link, can thus use the URL again to change the password in order to take over the account.
Vendor Comparison: DIY Home Security Systems (via Tech Republic)

When it comes to DIY home security, there are many systems and components to consider and many decisions to make. This vendor comparison guide from TechRepublic Premium provides advice you can follow as you make decisions regarding how you will deploy a home security system. The accompanying comparison tool will document your research and provide ...
CVE-2023-39238 (via National Vulnerability Database)

A format string vulnerability has been identified in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service.
CVE-2023-39240 (via National Vulnerability Database)

A format string vulnerability has been identified in the ASUS RT-AX56U V2's iperf client function API. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_cli.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service.
CVE-2023-4815 (via National Vulnerability Database)

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
CVE-2023-39239 (via National Vulnerability Database)

A format string vulnerability has been identified in the ASUS RT-AX56U V2's General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution or arbitrary system operations, or to disrupt service.