Month: septiembre 2023

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Catalyst%203650%20and%20Catalyst%203850%20Series%20Switches%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Wireless%20LAN%20Controller%20AireOS%20Software%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20DNA%20Center%20API%20Insufficient%20Access%20Control%20Vulnerability&vs_k=1

A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Catalyst%209100%20Access%20Points%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Web%20UI%20HTML%20Injection%20Vulnerability&vs_k=1

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Cisco%20Group%20Encrypted%20Transport%20VPN%20Software%20Out-of-Bounds%20Write%20Vulnerability&vs_k=1

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Wireless%20LAN%20Controllers%20Wireless%20Network%20Control%20Denial%20of%20Service%20Vulnerability&vs_k=1

The ever-changing threat landscape necessitates a paradigm shift in the way we approach cybersecurity. Embracing change is no longer an option; it’s a necessity to properly mount a defense against today’s cyber threats. Effective security requires a mindset shift that involves a collective effort across the organization with everyone having a role to play – … ContinuedThe post Embrace the Security Mindset: Design Decisions for a Fortified Next-Generation Multi-Cloud More info: https://blogs.vmware.com/security/2023/09/embrace-the-security-mindset-design-decisions-for-a-fortified-next-generation-multi-cloud-infrastructure-platform.html?utm_source=rss&utm_medium=rss&utm_campaign=embrace-the-security-mindset-design-decisions-for-a-fortified-next-generation-multi-cloud-infrastructure-platform

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000136957?utm_source=f5support&utm_medium=RSS

Project: Drupal coreDate: 2023-September-20Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Cache poisoningAffected versions: >=8.7.0 =10.0 = 10.1 Description: In certain scenarios, Drupals JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.This vulnerability only affects sites with the More info: https://www.drupal.org/sa-core-2023-006