Dernières alertes de sécurité

cURL and libcurl Vulnerability Affecting Cisco Products: October 2023

> date : 2023-10-13 19:29:00
> lien : https://sec.cloudapps.cisco.com/security/center/content/Cisc...

[...]

Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability

> date : 2023-10-13 13:36:00
> lien : https://sec.cloudapps.cisco.com/security/center/content/Cisc...

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. Cisco has released software updates that address this [...]

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability

> date : 2023-10-11 14:59:00
> lien : https://sec.cloudapps.cisco.com/security/center/content/Cisc...

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using va [...]

Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability

> date : 2023-10-04 16:00:00
> lien : https://sec.cloudapps.cisco.com/security/center/content/Cisc...

A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the [...]

| page 1 | page suivante |


 

  Sécurité



  Classement

Selon le comparatif phwinfo.com, Ironie.org est 3ème au classement des mutualisés !

   

  Nouvelles

Consulter les dernières actualités de plus de 300 sources d'informations différentes.

  news.ironie.org

connected from address localhost (127.0.0.1:27350)
using claudebot
served for Ironie.org by Debian GNU/Linux