CIRT Team
in Security Advisories & Alerts
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted...
Read more
in Security Advisories & Alerts
CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates
Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Impact: A server that relies...
Read more
in Security Advisories & Alerts
CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers
Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys...
Read more
in Security Advisories & Alerts
Microsoft CVE-2017-0261: Microsoft Office Remote Code Execution Vulnerability
Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. Impact: An attacker can leverage this issue to...
Read more
