SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

CVE-2023-20254

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant...

CVE-2023-20254

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant...

CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML.....

CVE-2023-20253

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the...

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the...

Input validation

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant...

Design/Logic Flaw

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the...

Authentication flaw

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML.....

Design/Logic Flaw

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

Authorization

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...

CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML.....

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the...

CVE-2023-20253

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...

CVE-2023-20254

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant...

Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...

Cisco Catalyst SD-WAN Manager Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system. For more information about these vulnerabilities, see the Details ["#details"]...

Mageia: Security Advisory (MGASA-2023-0266)

The remote host is missing an update for...

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Thorough, independent tests are a vital resource as cybersecurity leaders and their teams evaluate vendors' abilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluations:...

sc-management.it Cross Site Scripting vulnerability OBB-3701205

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Siemens SIMATIC, SIPLUS Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SIMATIC Products ANSI C OPC UA SDK Denial of Service Vulnerability

SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with an OPC UA server interface to be connected as OPC UA clients.SIMATIC Drive Controllers are designed for the automation of production machines and combine the...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...

Return value of ETH

Lines of code Vulnerability details Impact It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert. Proof of Concept uint256 sc = uint256(uint160(0x0000000000000000000000000000000000000000)); ...

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)

...

Failure to Return Value from Low-Level Call

Lines of code Vulnerability details In Solidity, the "low-level call" operation, often used with inline assembly, is a powerful tool for interacting with external contracts. However, there is a specific bug related to low-level calls that can result in unexpected behavior. Instances (1):...

Cybercriminals target graphic designers with GPU miners

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines. This activity has been ongoing since at least November 2021. The attacker uses Advanced Installer to package other legitimate...

Oracle Linux 8 : glibc (ELSA-2020-1828)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1828 advisory. On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program...

Oracle Linux 8 : glibc (ELSA-2019-3513)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3513 advisory. In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed...

Kingo ROOT 1.5.8 Unquoted Service Path

...

Kingo ROOT 1.5.8 - Unquoted Service Path

...

Kingo ROOT 1.5.8 - Unquoted Service Path Vulnerability

...

CVE-2023-41627

O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the...

CVE-2023-41628

An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term...

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra and Joao Marques · September 1, 2023 This blog was also written by Raghav Kapoor Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement...

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra, Joao Marques, and Raghav Kapoor · September 1, 2023 Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement agencies to take it down in...

Easy Address Book Web Server 1.6 Buffer Overflow / Cross Site Scripting

...

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper

Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia):...

CVE-2023-3646

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system...

CVE-2023-40997

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted...

CVE-2023-40998

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size...

Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory

Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...

Wireshark 4.0.x < 4.0.8 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.8 advisory. Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c...

Wireshark 4.0.x < 4.0.8 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.8 advisory. Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the...