Fortinet
- Dissecting Tor Bridges and Pluggable Transport – Part I: Finding the Built-in Tor Bridges and How Tor Browser Works 5 December 2019
Learn more about how our FortiGuard Labs researchers discovered built-in Tor bridges using reverse engineering.
- The Rise of Security-Driven Networking and the Future of Network Security 5 December 2019
Fortinet CEO Ken Xie shares his insights about the future of security. Learn more.
- Fortinet Named a Challenger with Highest Ability to Execute in the 2019 Gartner WAN Edge Infrastructure Magic Quadrant 4 December 2019
Learn more about Fortinet’s position in the 2019 Gartner WAN Edge Infrastructure Magic Quadrant.
- Ensuring Performance and Security at Cloud-Enabled Branch Offices 2 December 2019
Organizations are leveraging cloud-ready branch strategies that revolve around SD-WAN for direct Internet access. Learn why it’s essential to deploy a branch cloud security solution designed for today’s stricter performance requirements.
- New Network Security Use Cases with Amazon VPC Ingress Routing 2 December 2019
Fortinet has announced tighter integration of its dynamic cloud security offerings with the new AWS VPC Ingress Routing solution. Learn more.
- Honing in On Diversity to Solve the Cyber Skills Gap 29 November 2019
Learn how a diverse workforce can help organizations address the cyber skills gap and create a well-rounded security team that is better equipped to fight sophisticated cyberattacks.
- Simplifying Digital Transformation with Security-Driven Networking 27 November 2019
The challenge of securing digital infrastructure will continue to grow unless organizations begin building their networks with security in mind from day one. Learn more about security-driven networking.
- Defining Cloud Security Ownership with DevSecOps 26 November 2019
Among the different parties involved – IT, lines of business, or the cloud provider – who’s responsible for the various aspects of cloud security? Learn how to reduce gray areas in the shared responsibility model.
- Your Holiday Guide to Safe Cybershopping 25 November 2019
Learn how to protect yourself while shopping online this holiday season.
- FortiGuard Labs Weekly Threat Update – November 22, 2019 22 November 2019
Learn about the cyber threats uncovered during the week of November 22, 2019.
Aruba
- Aruba Impact for CPU Side-Channel Attacks 25 June 2019
- WPA3 Multiple Vulnerabilities 16 April 2019
On April 10, 2019 a research paper by Mathy Vanhoef and Eyal Ronen was released documenting a series of potential vulnerabilities in implementations of WPA3 and EAP-pwd (RFC 5931). Details on EAP-pwd vulnerabilities have not yet been released. This advisory covers only WPA3 vulnerabilities.
- Aruba Instant Multiple Vulnerabilities 27 February 2019
Aruba has released updates to Aruba Instant (IAP) that address multiple serious vulnerabilities. The most significant vulnerability is rated CRITICAL with a CVSS score of 9.8.
- ClearPass Policy Manager Multiple Vulnerabilities 7 November 2018
Aruba has released an update to ClearPass Policy Manager that addresses multiple security vulnerabilities.
- Aruba BLE Radio Firmware Vulnerability 18 October 2018
A vulnerability exists in the firmware of embedded BLE radios that are part of all Aruba AP-3xx series access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP’s BLE radio and could then gain access to the AP’s console port. Aruba products are NOT affected by a similar vulnerability being tracked as CVE-2018-16986 …
- Apache Struts Vulnerability in ClearPass Policy Manager 24 August 2018
The Apache Struts group announced Struts version 2.3.35 on August 22, 2018. Included in this update is a fix for one security vulnerability. Aruba ClearPass includes Apache Struts 2.3.34, but in a non-vulnerable configuration.
- Linux Kernel Vulnerabilities in ClearPass and AirWave 24 August 2018
Two Linux kernel vulnerabilities, known as “SegmentSmack” and “FragmentSmack”, have been publicly disclosed. The Linux kernel used by Aruba ClearPass Policy Manager and Aruba AirWave is affected. Other Aruba products are not affected.
- Return Of Bleichenbacher’s Oracle Threat (ROBOT) 28 March 2018
The cryptography library used by Aruba Instant provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker may be able to recover private keys for X.509 certificates. This vulnerability is referred to as “ROBOT.”
- ClearPass Policy Manager Multiple Vulnerabilities 21 March 2018
Aruba has released an update to ClearPass Policy Manager that addresses four security vulnerabilities.
Cisco
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability 4 December 2019
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed …
- Multiple Cisco Analog Telephone Adapters Remote Code Execution Vulnerabilities 3 December 2019
Multiple vulnerabilities in Cisco SPA Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sen …
- Cisco Webex Teams and Cisco Webex Meetings Client DLL Hijacking Vulnerability 3 December 2019
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows and Cisco Webex Meetings Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the reso …
- Cisco IOS XR Software NETCONF Over Secure Shell ACL Bypass Vulnerability 23 November 2019
A vulnerability in the access-control logic of the NETCONF over Secure Shell (SSH) of Cisco IOS XR Software may allow connections despite an access control list (ACL) that is configured to deny access to the NETCONF over SSH of an affected device. The vulnerability is due to a missing check in the NETCONF over SSH access control list (ACL). An attacker could exploit this vulnerability by connectin …
- Cisco Secure Boot Hardware Tampering Vulnerability 21 November 2019
A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the ar …
- Cisco Unified Communications Manager SQL Injection Vulnerability 21 November 2019
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending mali …
- Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability 21 November 2019
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to t …
- Cisco SD-WAN Solution vManage Cross-Site Request Forgery Vulnerability 21 November 2019
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected instance of vManage. An attacker could exploit this vulnerability by persuading a user to follow a m …
- Cisco Unity Express Command Injection Vulnerability 21 November 2019
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could explo …
- Cisco Unified Communications Domain Manager Persistent Cross-Site Scripting Vulnerability 21 November 2019
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of …
Google Online Security Blog