November 7, 2024 at 04:47PM Cisco has identified a vulnerability in its Unified Industrial Wireless Software for URWB access points, potentially allowing remote attackers to execute command injection attacks. Affected models include Catalyst IW9165D, IW9165E, and IW9167E with URWB mode enabled. Cisco has released a fix, though there’s no known public exploitation of the issue. … Read more
November 7, 2024 at 07:30AM Cisco has patched a critical vulnerability in its Unified Industrial Wireless software that could enable remote, unauthenticated attackers to execute commands with root privileges. The issue poses significant security risks to the affected systems. **Meeting Notes Takeaways:** – A critical vulnerability has been identified in Cisco Unified Industrial Wireless software. … Read more
November 6, 2024 at 02:38PM Cisco has resolved a critical vulnerability (CVE-2024-20418) in its Ultra-Reliable Wireless Backhaul access points, allowing unauthorized command execution with root privileges via a web interface. The flaw affects certain Catalyst access points with vulnerable software. Cisco’s security teams found no evidence of exploitation so far. ### Meeting Notes Takeaways: 1. … Read more
October 31, 2024 at 02:26PM Hackers are exploiting two zero-day vulnerabilities (CVE-2024-8956, CVE-2024-8957) in PTZOptics cameras, allowing unauthorized access and potential remote code execution. GreyNoise discovered these flaws, affecting various models, and reported them for responsible disclosure. PTZOptics released an update, but some devices remain unpatched, posing security risks. Users are advised to check with … Read more
October 25, 2024 at 10:33AM A vulnerability in the Wi-Fi Test Suite, tracked as CVE-2024-41992, allows unauthenticated local attackers to execute arbitrary code on Arcadyan FMIMG51AX000J routers. Discovered by researcher “fj016,” the flaw could grant full administrative access, jeopardizing network security. Vendors are advised to remove or update the Wi-Fi Test Suite to mitigate risks. … Read more
October 10, 2024 at 02:06AM CISA has added a critical vulnerability (CVE-2024-23113) impacting Fortinet products to its KEV catalog, requiring federal agencies to apply mitigations by October 30, 2024. Meanwhile, Palo Alto Networks disclosed multiple high-risk flaws in Expedition and Cisco patched a critical command execution vulnerability in Nexus Dashboard Fabric Controller. ### Meeting Takeaways … Read more
October 8, 2024 at 12:12PM Ivanti released security updates to address three new Cloud Services Appliance (CSA) zero-day vulnerabilities being actively exploited. These flaws impact CSA 5.0.1 and earlier, with the company advising affected customers to upgrade to version 5.0.2 and monitor for signs of compromise. Ivanti pledged a focus on Secure by Design and … Read more
September 12, 2024 at 07:47AM Cisco announced patches for eight vulnerabilities in the IOS XR network operating system, including fixes for six high-severity bugs. The most severe flaws allow privilege escalation and remote DoS attacks. Two high-severity flaws affecting the Routed Passive Optical Network (PON) controller software could be exploited for command injection. Cisco plans … Read more
August 15, 2024 at 10:51AM SolarWinds has released a patch to fix a critical security flaw in its Web Help Desk software (CVE-2024-28986) that could allow remote code execution. Palo Alto Networks also addressed high and moderate-severity vulnerabilities in Cortex XSOAR and GlobalProtect, urging users to update to the latest versions to reduce risks and … Read more
June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware … Read more