CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

10/20/2023 08:00 AM EDT. Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of …

CISA Releases IOCs Associated with Malicious Barracuda Activity

08/29/2023 08:00 AM EDT. CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October …

Vulnerability Summary for the Week of August 15, 2022

08/22/2022 11:24 AM EDT. Original release date: August 22, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): There were no high vulnerabilities recorded this week. Medium Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source …

Vulnerability Summary for the Week of August 8, 2022

08/15/2022 10:52 AM EDT. Original release date: August 15, 2022 | Last revised: August 16, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): There were no high vulnerabilities recorded this week. Medium Vulnerabilities (Primary Vendor — …

CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X

06/03/2022 03:40 PM EDT. Original release date: June 3, 2022. CISA has released an Industrial Controls Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to …

Vulnerability Summary for the Week of May 9, 2022

05/16/2022 09:55 AM EDT. Original release date: May 16, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): adobe — photoshop: Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result …

Vulnerability Summary for the Week of January 3, 2022

01/10/2022 11:30 AM EST. Original release date: January 10, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): beyondtrust — appliance_base_software: BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, …

Vulnerability Summary for the Week of December 13, 2021

Original release date: December 21, 2021. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): abb — omnicore_c30_firmware: A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services …

Vulnerability Summary for the Week of December 6, 2021

12/13/2021 09:29 AM EST. Original release date: December 13, 2021. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): accops — hyworks_dvm_tools: A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Handler 0x22001B allows local …

CISA and FBI Release Alert on Active Exploitation of CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

12/02/2021 05:43 PM EST. Original release date: December 2, 2021. CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution …