Fortinet
- 27 novembre 2020Discussing Threats Around Online Shopping
Fortinet’s FortiGuard Labs team discusses the key e-commerce-related threat trends expected this holiday season and how shoppers and enterprises can protect themselves. … - 25 novembre 2020Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet
Learn how Fortinet’s Dynamic Cloud Security solutions enabled this telecommunications provider to migrate confidently and securely to Microsoft Azure. … - 25 novembre 2020Managing Risk and Securing Virtual Retail
Learn how retail CISOs are adapting their security strategies to meet the needs of changing buying patterns as a result of the pandemic and the subsequent reinvention of retail. … - 24 novembre 2020Examining the Top Cyber Threats Plaguing the Pharmaceutical Industry
Learn about the top cyber threats and security challenges facing the pharmaceutical industry and how these organizations can secure their entire digital attack surface. … - 23 novembre 2020Few SD-WAN Solutions Meet Real World Requirements
Learn how a Secure SD-WAN solution can support a variety of use cases, allowing organizations to enable digital innovation while deploying consistent, integrated security anywhere on any WAN edge. … - 20 novembre 2020Partnering on Global Cybercrime: A Group Effort
Fortinet and the World Economic Forum’s Partnership Against Cybercrime work to fight against global cyber threats. Learn more. … - 19 novembre 2020Fortinet at Virtual AWS re:Invent 2020
Join Fortinet at AWS re:Invent to learn more about our Dynamic Cloud Security offerings on AWS. … - 19 novembre 2020Helping CISOs Prepare for the 2021 Threat Landscape
In an era of constant innovation, we must be continuously aware of the impact new technology has on the threat landscape. Explore threat predictions for 2021 and what they mean for CISOs moving forward. … - 18 novembre 2020Fortinet Scores Highest for Two Key Use Cases in the 2020 Gartner Critical Capabilities for Network Firewalls Report
Fortinet scored the highest for two key use cases in the 2020 Gartner Critical Capabilities for Network Firewalls report. Read more about this. … - 17 novembre 2020What Does Covid Teach Us About OT Cybersecurity?
When it comes to defending production environments, the time is now to tighten the cybersecurity of Operational Technology. Learn about the important lessons the recent pandemic has taught us about OT security. …
Aruba
- 20 octobre 2020AirWave Glass Multiple Vulnerabilities
Aruba has released updates to Airwave Glass that address multiple security vulnerabilities.
The post AirWave Glass Multiple Vulnerabilities first appeared on Aruba.
- 15 septembre 2020TCP SACK PANIC – Kernel vulnerabilities
Aruba has released updates to products affected by Linux Kernel vulnerabilities known as TCP SACK PANIC. Successful exploitation of the most severe of these vulnerabilities could allow a remote attacker to trigger a kernel panic and impact the system availability.The post TCP SACK PANIC – Kernel vulnerabilities first appeared on Aruba. … - 15 septembre 2020Multiple Memory Corruption Vulnerabilities for Aruba CX Switches
Four memory corruption vulnerabilities in the Aruba CX Switches have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of both LLDP (Link Layer Discovery Protocol) and CDP (Cisco Discovery Protocol) processes in the switch.The post Multiple Memory Corruption Vulnerabilities for Aruba CX Switches first appeared on Aruba. … - 1 septembre 2020Authenticated arbitrary file modification vulnerability in Analytics and Location Engine (ALE)
Aruba has released an update to Analytics and Location Engine (ALE) that addresses a high severity vulnerability in the Web Management Interface of this product.The post Authenticated arbitrary file modification vulnerability in Analytics and Location Engine (ALE) first appeared on Aruba. … - 25 août 2020Multiple vulnerabilities in Web Management Interface for Aruba Intelligent Edge Switches
Two vulnerabilities in the Aruba Intelligent Edge Switches web management interface have been found. Successful exploitation of these vulnerabilities could result in unauthorized administrative access to the switch.The post Multiple vulnerabilities in Web Management Interface for Aruba Intelligent Edge Switches first appeared on Aruba. … - 23 juin 2020“Ripple20” Multiple Vulnerabilities affecting the Treck TCP/ IP stack
A collection of vulnerabilities known as “Ripple20” affect the Treck TCP/IP stack implementation. Successful exploitation of these vulnerabilities could result in denial of service, information disclosure or remote code execution. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known. Aruba has not yet performed a complete an … - 2 juin 2020ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba.
- 14 avril 2020ClearPass Policy Manager Multiple Vulnerabilities
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities.
The post ClearPass Policy Manager Multiple Vulnerabilities first appeared on Aruba.
- 28 février 2020WPA and WPA2 Disassociation Vulnerability (“Kr00k”)
A timing flaw in certain Wi-Fi chip firmware may allow an attacker to decrypt a limited amount of WPA2-encrypted frames using a known all-zero key. Some Aruba products are affected by this vulnerability. This is a preliminary advisory based on initial investigation; it will be updated as new information becomes known. The post WPA and WPA2 Disassociation Vulnerability (« Kr00k ») first appeared on A … - 25 février 2020AirWave Management Platform Multiple Vulnerabilities
Multiple Remote Code Execution Vulnerabilities have been uncovered in the AirWave Management Platform. An attacker who is able to exploit these vulnerabilities could run untrusted arbitrary commands or code on the AirWave platform. All three vulnerabilities require the attacker to be authenticated to the administrative interface of AirWave.The post AirWave Management Platform Multiple Vulnerabilit …
Cisco
- 26 novembre 2020Cisco Expressway Software Unauthorized Access Information Disclosure Vulnerability
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploi … - 24 novembre 2020Cisco Webex Meetings and Cisco Webex Meetings Server Ghost Join Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Web … - 24 novembre 2020Cisco Webex Meetings and Cisco Webex Meetings Server Unauthorized Audio Information Exposure Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted reques … - 24 novembre 2020Cisco Webex Meetings and Cisco Webex Meetings Server Information Disclosure Vulnerability
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker … - 24 novembre 2020Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vuln … - 23 novembre 2020Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit th … - 21 novembre 2020Cisco Security Manager Path Traversal Vulnerability
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to and modify sensitive information on the affected device. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A … - 19 novembre 2020Cisco IoT Field Network Director Missing API Authentication Vulnerability
A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the … - 19 novembre 2020Cisco Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerabil … - 19 novembre 2020Cisco Webex Meetings API Cross-Site Scripting Vulnerability
A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to …
Google Online Security Blog