by CIRT Team
Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
Description: A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit...
Read More
by CIRT Team
Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
Description: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Impact: The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in...
Read More
by CIRT Team
Cisco AMP for Endpoints Static Key Vulnerability
Description: On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. Impact: The vulnerability is due to the use of a static key value stored in the application used to encrypt the...
Read More
by CIRT Team
Microsoft Releases October 2017 Security Update
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
Wordfence! Publishes Security Updates for WordPress plugin
Description: PHP Object Injection Vulnerability Severity 9.8 (Critical) have been found in Appointments, RegistrationMagic-Custom Registration Forms, and Flickr Gallery plugins. Affected plugins and versions: Appointments by WPMU Dev (fixed in 2.2.2) Flickr Gallery by Dan Coulter (fixed in 1.5.3) RegistrationMagic-Custom Registration Forms by CMSHelpLive (fixed in 3.7.9.3) Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available....
Read More
by CIRT Team
Mozilla! Releases Security Update
Description: Mozilla! has released security updates to address multiple vulnerabilities for the following softwares : Firefox ESR 52.4 Firefox 56 Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/ https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
by CIRT Team
Apple Releases Security Update for iOS
Description: Apple has released iOS 11.0.1 to address vulnerabilities in previous versions of iOS. Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://support.apple.com/en-us/HT208143
by CIRT Team
Google Releases Security Updates for Chrome
Description: Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition. Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
by CIRT Team
Joomla! Releases Security Update
Description: Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address several vulnerabilities. Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.joomla.org/announcements/release-news/5713-joomla-3-8-0-release.html
by CIRT Team
WordPress 4.8.2 Security and Maintenance Release
Description: WordPress versions 4.8.1 and earlier are affected by several security issues and advised to upgrade to 4.8.2 immediately. Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
