Fortinet
- 30 septembre 2020Building a Cyber-Aware Workforce Requires Training and Ongoing Awareness
Fortinet is expanding its NSE Training Institute’s free training offerings with the introduction of the Information Security Awareness and Training service. Read more: … - 29 septembre 2020Fortinet Named a Leader in Gartner 2020 Magic Quadrant for WAN Edge Infrastructure
Fortinet is pleased to have been named a Leader in the 2020 Gartner Magic Quadrant for WAN Edge Infrastructure. Read more about this. … - 28 septembre 2020Integrating Managed Detection and Response Into Service Portfolios
Providing managed threat detection and response (MDR) capabilities will play a vital role in MSSPs’ ability to meet customer security demands going forward. Read more. … - 25 septembre 2020Threat Intelligence is the Lifeblood of Active Security
Actionable threat intelligence is about much more than simply protections and research. It requires global partnerships, information sharing, and working with law enforcement. Learn more. … - 24 septembre 2020Ensure Best User Experience With Self-Healing SD-WAN
With the right Secure SD-WAN solution in place, network and operations leaders have the range of WAN capabilities they need to ensure applications are available and functioning without human intervention. Learn more. … - 23 septembre 2020School District Secures Distance Learning for 18,000+ Students With FortiEDR
This educational organization found themselves a target of cybercriminals exploiting the recent pandemic through social engineering attacks. Explore how this organization leveraged FortiEDR to secure endpoints during distance learning. … - 22 septembre 2020Vote-by-Mail Election Security Falls in the Hands of Local Government
Explore how local governments can ensure election security as the rise in vote-by-mail presents new challenges. … - 21 septembre 2020Taking Time to Build Confidence in Automated Security
Automated security offerings have grown in both commonality and necessity. Explore how CISOs can build confidence in automated security systems by using a well-constructed ANN and a good balance of SIEM and SOAR. … - 18 septembre 2020Think Outside the Box When Managing a Remote Workforce
When managing a remote workforce long-term, organizations must implement key strategies to protect both their employees and their corporate network. Find out more. … - 17 septembre 2020Customers Across Industries Simplify and Secure Branch Networks
Explore why these three customers adopted Fortinet Secure SD-Branch to extend the benefits of Fortinet’s broad, integrated, and automated Security Fabric to branch locations to reduce network complexity, simplify management, and lower TCO. …
Aruba
- 15 septembre 2020TCP SACK PANIC – Kernel vulnerabilities
Aruba has released updates to products affected by Linux Kernel vulnerabilities known as TCP SACK PANIC. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to trigger a kernel panic and impact the system availability.
- 15 septembre 2020Multiple Memory Corruption Vulnerabilities for Aruba CX Switches
Four memory corruption vulnerabilities in the Aruba CX Switches have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) processes in the switch.
- 1 septembre 2020Authenticated arbitrary file modification vulnerability in Analytics and Location Engine (ALE)
Aruba has released an update to Analytics and Location Engine (ALE) that addresses a high severity vulnerability in the Web Management Interface of this product.
- 25 août 2020Multiple vulnerabilities in Web Management Interface for Aruba Intelligent Edge Switches
Two vulnerabilities in the Aruba Intelligent Edge Switches web management interface have been found. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.
- 23 juin 2020“Ripple20” Multiple Vulnerabilities affecting the Treck TCP/ IP stack
A collection of vulnerabilities known as “Ripple20” affect the Treck TCP/IP stack implementation. Successful exploitation of these vulnerabilities could result in denial of service, information disclosure or remote code execution. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known. Aruba has not yet performed a complete an … - 2 juin 2020ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
- 14 avril 2020ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
- 28 février 2020WPA and WPA2 Disassociation Vulnerability (“Kr00k”)
A timing flaw in certain Wi-Fi chip firmware may allow an attacker to decrypt a limited amount of WPA2-encrypted frames using a known all-zero key. Some Aruba products are affected by this vulnerability. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known.
- 25 février 2020AirWave Management Platform Multiple Vulnerabilities
Multiple Remote Code Execution Vulnerabilities have been uncovered in the AirWave Management Platform. An attacker who is able to exploit these vulnerabilities could run untrusted arbitrary commands or code on the AirWave platform. All three vulnerabilities require the attacker to be authenticated to the administrative interface of AirWave.
- 11 février 2020Information Disclosure in Web Management Interface for Aruba Intelligent Edge Switches
An information disclosure vulnerability is present in Aruba Intelligent Edge Switches which allows an attacker to retrieve sensitive system information. This attack can be carried out without user authentication under very specific conditions.
Cisco
- 1 octobre 2020Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating sy … - 1 octobre 2020Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address t … - 30 septembre 2020Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected … - 29 septembre 2020Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities
Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device … - 24 septembre 2020Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability
A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the … - 24 septembre 2020Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patt … - 24 septembre 2020Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability
A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x o … - 24 septembre 2020Cisco IOS XE Software Web UI Authorization Bypass Vulnerability
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized. The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacke … - 24 septembre 2020Cisco IOS XE Software Guest Shell Unauthorized File System Access Vulnerability
A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device’s guest shell, and accessing or mo … - 24 septembre 2020Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability
A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes t …
Google Online Security Blog