Vendors


Fortinet

Aruba

    • 15 September 2020: TCP SACK PANIC – Kernel vulnerabilities
      Aruba has released updates to products affected by Linux Kernel vulnerabilities known as TCP SACK PANIC. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to trigger a kernel panic and impact the system availability.

    • 15 September 2020: Multiple Memory Corruption Vulnerabilities for Aruba CX Switches
      Four memory corruption vulnerabilities in the Aruba CX Switches have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) processes in the switch.

    • 25 August 2020: Multiple vulnerabilities in Web Management Interface for Aruba Intelligent Edge Switches
      Two vulnerabilities in the Aruba Intelligent Edge Switches web management interface have been found. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.

    • 23 June 2020: “Ripple20” Multiple Vulnerabilities affecting the Treck TCP/IP stack
      A collection of vulnerabilities known as “Ripple20” affect the Treck TCP/IP stack implementation. Successful exploitation of these vulnerabilities could result in denial of service, information disclosure or remote code execution. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known. Aruba has not yet performed a complete an …

    • 28 February 2020: WPA and WPA2 Disassociation Vulnerability (“Kr00k”)
      A timing flaw in certain Wi-Fi chip firmware may allow an attacker to decrypt a limited amount of WPA2-encrypted frames using a known all-zero key. Some Aruba products are affected by this vulnerability. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known.

    • 25 February 2020: AirWave Management Platform Multiple Vulnerabilities
      Multiple Remote Code Execution Vulnerabilities have been uncovered in the AirWave Management Platform. An attacker who is able to exploit these vulnerabilities could run untrusted arbitrary commands or code on the AirWave platform. All three vulnerabilities require the attacker to be authenticated to the administrative interface of AirWave.

Cisco

    • 26 November 2020: Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
      A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploi …

    • 24 November 2020: Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
      A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Web …

    • 24 November 2020: Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability
      A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker …

    • 24 November 2020: Cisco Identity Services Engine Cross-Site Scripting Vulnerability
      A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vuln …

    • 23 November 2020: Cisco Identity Services Engine Privilege Escalation Vulnerability
      A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit th …

    • 21 November 2020: Cisco Security Manager Path Traversal Vulnerability
      A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to and modify sensitive information on the affected device. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A …

    • 19 November 2020: Cisco IoT Field Network Director Missing API Authentication Vulnerability
      A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the …

    • 19 November 2020: Cisco Secure Web Appliance Privilege Escalation Vulnerability
      A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerabil …

    • 19 November 2020: Cisco Webex Meetings API Cross-Site Scripting Vulnerability
      A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to …

Google Online Security Blog