Vendors

Fortinet

Aruba

Cisco

    • January 20, 2021 - Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
      A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafte …

    • January 19, 2021 - Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
      A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq. Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vu …

    • January 14, 2021 - Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability
      A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are lo …

    • January 14, 2021 - Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability
      A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local …

    • January 14, 2021 - Cisco Webex Teams Shared File Manipulation Vulnerability
      A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the share …

    • January 14, 2021 - Cisco Webex Meetings Open Redirect Vulnerability
      A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerabilit …

    • January 14, 2021 - Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability
      A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex …

    • January 14, 2021 - Cisco StarOS for Cisco ASR 5000 Series Routers Arbitrary File Read Vulnerability
      A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulne …

Google Online Security Blog