ModuNet300 (EY-AM300F001, EY-AM300F002) Security Vulnerabilities

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input...

Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Fragmentation Denial of Service Vulnerabilities

Multiple vulnerabilities in the Internet Key Exchange version 1 (IKEv1) fragmentation feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow or corruption on an affected system. For more information about these...

Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command...

New Webinar: 5 Must-Know Trends Impacting AppSec

Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads...

Cisco IOS Software Group Encrypted Transport VPN Out of Bounds Write (cisco-sa-getvpn-rce-g8qR68sx)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of ...

CVE-2023-20186

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

CVE-2023-20109

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...

Authorization

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

Input validation

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...

Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...

Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...

Exploit for CVE-2022-32862

%PDF-1.5 %���� 16 0 obj << /Length 972 /Filter...

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID

A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...

Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID

A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...

Introducing: ‘Saved Filters’ in InsightCloudSec

Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...

Microsoft announces the 2023 Microsoft Security Excellence Awards winners

In a world that’s constantly changing and challenging us, we believe that nothing can stop us when we work together. That’s the spirit of collaboration we celebrated on April 24, 2023, at the fourth annual Microsoft Security Excellence Awards. These awards recognize outstanding contributions from.....

Microsoft announces the 2023 Microsoft Security Excellence Awards winners

In a world that’s constantly changing and challenging us, we believe that nothing can stop us when we work together. That’s the spirit of collaboration we celebrated on April 24, 2023, at the fourth annual Microsoft Security Excellence Awards. These awards recognize outstanding contributions from.....

ChatGPT Cross Site Scripting

...

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...

CVE-2023-28652

An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service...

CVE-2023-22300

An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. This action would also grant the attacker privilege...

CVE-2023-28655

A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged...

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could.....

Input validation

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could.....

SAUTER EY-modulo 5 Building Automation Stations

EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Equipment: EY-modulo 5 Building Automation Stations Vulnerabilities: Cross-site Scripting, Cleartext Transmission of Sensitive Information, and Unrestricted Upload of File with Dangerous...

Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on.....

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....

CVE-2023-0053

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4j...

Digital event highlights new features in Microsoft Purview

Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to...

Digital event highlights new features in Microsoft Purview

Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to...

Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve...

CVE-2023-0052

SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could...

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

...

SAUTER Controls Nova 200 – 220 Series (PLC 6)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SAUTER Controls Equipment: Nova 200–220 Series (PLC 6) Vulnerabilities: Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful...

How businesses are gaining integrated data protection with Microsoft Purview

Currently, our interconnected world is creating 2.5 quintillion bytes of data every day.1 Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a...

How businesses are gaining integrated data protection with Microsoft Purview

Currently, our interconnected world is creating 2.5 quintillion bytes of data every day.1 Every purchase made, every email sent, every contract signed: all of it gets shared, accessed, and stored. We take it on faith that organizations are doing all this safely; however, data loss is becoming a...

CVE-2022-20920

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this....

Input validation

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this....

Cisco IOS Software SSH DoS (cisco-sa-ssh-excpt-dos-FzOBQTnk)

According to its self-reported version, Cisco IOS Software and Cisco IOS XE Software is affected by denial of service vulnerability. An authenticated, remote attacker can exploit this, by continuously connecting to an affected device and sending specific SSH requests to cause an affected device to....

Cisco IOS and IOS XE Software SSH Denial of Service Vulnerability

A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit this....

Ukraine war spotlights agriculture sector's vulnerability to cyber attack

By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have...