Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

CVE-2017-12301: Cisco NX-OS Software Python Parser Escape Vulnerability

Description: The vulnerability exists due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions within the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of...

Read more

0
22 Nov 2017
in Security Advisories & Alerts

Cisco ASA Next-Generation Firewall Services CVE-2017-12299 Remote Security Bypass Vulnerability

Description: Cisco ASA Next-Generation Firewall Services is prone to a remote security-bypass vulnerability. Impact: Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This issue is being tracked by Cisco Bug CSCvd97962. Mitigation: Updates are available. Please see the references or vendor...

Read more

0
22 Nov 2017
in Security Advisories & Alerts

WPA2 Key Reinstallation Multiple Security Weaknesses

Description: WPA2 is prone to multiple security weaknesses. Impact: Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. This may aid in further attacks. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.krackattacks.com/ https://ics-cert.us-cert.gov/advisories/ICSA-17-318-01...

Read more

0
22 Nov 2017
in Security Advisories & Alerts

Intel Manageability Engine CVE-2017-5705 Multiple Local Buffer Overflow Vulnerabilities

Description: Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. Impact: Local attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service...

Read more

0
22 Nov 2017
in News Clipping

Intel Fixes Critical Bugs in Management Engine, Its Secret CPU-On-Chip [source:bleepingcomputer]

Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). The vulnerabilities are severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed...

Read more

0
22 Nov 2017
Page 30 of 69« First...1020...2829303132...405060...Last »