Fortinet
- FortiVet Addresses the Cyber Skills Shortage in Canada 20 septembre 2019
Fortinet has continued its commitment to addressing the cyber skills shortage by rolling out the FortiVet program in Canada, nationwide. Learn more. - Customers Praise FortiGate Enterprise Network Firewalls for Securing Their Networks 19 septembre 2019
Find out what our customers are saying about Fortinet’s FortiGate Enterprise Network Firewalls on Gartner Peer Insights. - Fortinet Named a Leader in the 2019 Gartner Magic Quadrant for Network Firewalls 19 septembre 2019
Fortinet has been recognized as one of the Leaders among the 18 vendors included in the Gartner Magic Quadrant for Network Firewalls report for 2019. - Elementary Shortfalls: What The Internet Got Wrong and What We Can Do About It Now 18 septembre 2019
Learn about the enduring shortfalls inherent in the Internet and how leading cybersecurity experts recommend addressing them in excerpts from Phil Quade’s new book, The Digital Big Bang. - Nemty Ransomware 1.0: A Threat in its Early Stage 17 septembre 2019
Learn about the technical details of the recently discovered Nemty ransomware, including some interesting irregularities. - How to Support Healthy Communities During National Health IT Week 2019 17 septembre 2019
During the National Health IT Week 2019, members of the health and security space will focus on supporting healthy communities. Learn how IT can help transform healthcare. - Fortinet Enhances its Security Alliance with Oracle at OpenWorld 2019 16 septembre 2019
Fortinet is pleased to announce it has enhanced its security alliance with Oracle to provide integrated security to your cloud infrastructure. - Fortinet Wins SE Labs Best Network Security Appliance Award 12 septembre 2019
Fortinet has earned the SE Labs Best Network Security Appliance Award and AAA Rating for its FortiGate security solution in 2019. - WordPress (Core) Stored XSS Vulnerability 12 septembre 2019
The FortiGuard Labs team discovered a stored XSS zero-day vulnerability in WordPress, affecting versions 5.0 to 5.0.4, 5.1 and 5.1.1. Learn more. - New Customers Choose Fortinet’s Cloud Security for Protection of Hybrid Cloud and On-Prem Networks 11 septembre 2019
Fortinet helps customers at all stages of their cloud adoption to secure all their environments. Learn more about Fortinet’s cloud security portfolio, which enables secure connectivity across environments, secure applications regardless of environment, and consistent visibility and control.
Aruba
- Aruba Impact for CPU Side-Channel Attacks 25 juin 2019
- WPA3 Multiple Vulnerabilities 16 avril 2019
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- Aruba Instant Multiple Vulnerabilities 27 février 2019
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
- ClearPass Policy Manager Multiple Vulnerabilities 7 novembre 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 octobre 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 … - Apache Struts Vulnerability in ClearPass Policy Manager 24 août 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018.
Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration. - Linux Kernel Vulnerabilities in ClearPass and AirWave 24 août 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 mars 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is
referred to as “ROBOT.” - ClearPass Policy Manager Multiple Vulnerabilities 21 mars 2018
Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.
Cisco
- Cisco Data Center Network Manager Information Disclosure Vulnerability 19 septembre 2019
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface o … - Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability 19 septembre 2019
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An attacker could exploit this vulnerability by uploading specially crafted data to the affected device. A successf … - Cisco Data Center Network Manager Arbitrary File Download Vulnerability 19 septembre 2019
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected … - Cisco Data Center Network Manager Authentication Bypass Vulnerability 19 septembre 2019
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a … - Cisco HyperFlex Software Counter Value Injection Vulnerability 18 septembre 2019
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection servi … - Cisco HyperFlex Software Cross-Frame Scripting Vulnerability 18 septembre 2019
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. … - Cisco Identity Services Engine Privilege Escalation Vulnerability 18 septembre 2019
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a cra … - Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability 17 septembre 2019
A vulnerability in the IP Version 6 (IPv6) packet processing functions of multiple Cisco products could allow an unauthenticated, remote attacker to cause an affected device to stop processing IPv6 traffic, leading to a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted IPv6 packets that are sent to an affected device. An attacker … - Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability 12 septembre 2019
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by … - Cisco Secure Boot Hardware Tampering Vulnerability 7 septembre 2019
A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the ar …
Google Online Security Blog