Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of … The post Version 2.9 of the Mozilla Root Store Policy appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2023/09/13/version-2-9-of-the-mozilla-root-store-policy/
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. Cisco has released software updates
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Access%20Control%20List%20Bypass%20Vulnerability&vs_k=1
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Connectivity%20Fault%20Management%20Denial%20of%20Service%20Vulnerability&vs_k=1
Cisco IOS XR Software supports a programmatic way of configuring and collecting operational data on a network device using data models. Data models provide access to the capabilities of the devices in a network using NETCONF or gRPC. According to Cisco IOS XR Software configuration guides, if NETCONF or gRPC are enabled on a device, authentication, authorization, and accounting (AAA) authorization should be configured to prevent unauthorized access: Configure AAA authorization to restrict
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-info-GXp7nVcP?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Model-Driven%20Programmability%20Behavior%20with%20AAA%20Authorization&vs_k=1
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20iPXE%20Boot%20Signature%20Bypass%20Vulnerability&vs_k=1
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Image%20Verification%20Vulnerability&vs_k=1
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XR%20Software%20Compression%20ACL%20Bypass%20Vulnerability&vs_k=1
Today’s volatile threat landscape has made every organization focused on staying a step ahead of attackers. According to Frost & Sullivan’s new Extended Detection and Response (XDR) 2023 report, VMware Carbon Black is more than helping enterprises keep ahead: we’re pushing the industry forward. In the latest Frost Radar Report, VMware Carbon Black emerges as … The post VMware Carbon Black Emerges as a Leader in Frost & Sullivan’s 2023 XDR Report
More info:
https://blogs.vmware.com/security/2023/09/vmware-carbon-black-emerges-as-a-leader-in-frost-sullivans-2023-xdr-report.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-carbon-black-emerges-as-a-leader-in-frost-sullivans-2023-xdr-report