Fortinet
- FortiAI: Virtual Security Analyst Revolutionizes Threat Protection for SecOps 24 février 2020
Discover how FortiAI, a first-of-its-kind on-premises appliance, accelerates threat remediation and leverages deep learning to effectively transform threat protection. - Fortinet’s Longstanding History of AI-driven Security 24 février 2020
Learn more about Fortinet’s commitment to AI-driven security to prevent, detect and respond to cyber threats at machine speed. - How Security Performance Drives Digital Innovation 21 février 2020
Discover how security performance will increasingly be the gold standard for organizations operating at the cutting edge of digital innovation. - Fortinet Engage: A Partner Program Designed for Today’s Business Needs 20 février 2020
Explore Fortinet’s new Engage partner program, designed to better prepare Fortinet partners to succeed in today’s evolving security landscape. - Fortinet Prioritizes Cybersecurity Skills Gap Through Several Program Offerings 19 février 2020
Fortinet is strongly committed to addressing the cybersecurity skills gap through its NSE Institute programs, providing training and education curriculum. Learn more about these program offerings. - How Partners Leveraging SECaaS and FortiCloud Provide Value to Customers 19 février 2020
The expansion of FortiCloud provides partners with the opportunity to offer customers best-of-breed SaaS solutions. Learn more. - Fortinet Unveils New FortiGate 1800F Appliance and NP7 Network Processor 18 février 2020
Learn more about Fortinet’s new FortiGate 1800F Next-Generation Firewall, powered by its groundbreaking NP7. - Every Second Counts in Endpoint Protection: Why Real Time Matters 18 février 2020
Learn more about FortiEDR’s unique ability to defuse and disarm a threat in real time. - Defining Security-driven Networking 18 février 2020
Fortinet’s Security-driven Networking approach is defining a new, third generation of security solutions and strategies designed to meet the security and networking demands of today’s highly dynamic and hybrid networks. Learn more. - Protecting Today’s Networks with Dynamic Cloud Security 18 février 2020
Fortinet’s Dynamic Cloud Security strategy enables organizations to develop dynamic cloud-based business infrastructures without compromising the protection of users, data and connected resources. Learn more.
Aruba
- Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches 11 février 2020
- Aruba Impact for CPU Side-Channel Attacks 25 juin 2019
- WPA3 Multiple Vulnerabilities 16 avril 2019
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- Aruba Instant Multiple Vulnerabilities 27 février 2019
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
- ClearPass Policy Manager Multiple Vulnerabilities 7 novembre 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 octobre 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 … - Apache Struts Vulnerability in ClearPass Policy Manager 24 août 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018.
Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration. - Linux Kernel Vulnerabilities in ClearPass and AirWave 24 août 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 mars 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is
referred to as “ROBOT.”
Cisco
- Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability 24 février 2020
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a s … - Cisco FXOS and NX-OS Software Secure Configuration Bypass Vulnerability 24 février 2020
A vulnerability in the Secure Configuration Validation functionality of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to run arbitrary commands at system boot time with the privileges of root. The vulnerability is due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An attacker cou … - Cisco SD-WAN Solution Packet Filtering Bypass Vulnerability 22 février 2020
A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a target device. A … - Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability 22 février 2020
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discov … - Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability 21 février 2020
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Disc … - Cisco IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability 20 février 2020
A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS-IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifie … - Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability 20 février 2020
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuadin … - Cisco Unified Contact Center Express Privilege Escalation Vulnerability 20 février 2020
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to a … - Cisco Unified Contact Center Enterprise Denial of Service Vulnerability 20 février 2020
A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple craf … - Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability 20 février 2020
A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account. The vulnerability is due to a system account that has a default and static password and is not under the control of the system administrator. An attacker could exploit this vulnerabilit …
Google Online Security Blog