Posted on No Comments on Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

We have three new vulnerabilities in Cisco.

  • One could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
  • One that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
  • And another one which could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Read more Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco
Posted on No Comments on Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

This time we have a few vulnerabilities from Google and Microsoft:

  • Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
  • Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
  • Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
  • Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
  • Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
  • Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
Read more Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure
Posted on No Comments on Electrolink FM/DAB/TV Transmitter

Electrolink FM/DAB/TV Transmitter

1. EXECUTIVE SUMMARY

  • CVSS v3 8.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Electrolink
  • Equipment: FM/DAB/TV Transmitter
  • Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.

Read more Electrolink FM/DAB/TV Transmitter