Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Data Transformation: 3 Sessions to Attend at RSA 2022

Three RSA 2022 sessions take deep dives into the security considerations around data cloud transformation.

DARKReading
Open in Source
#google#microsoft#cisco#aws#auth
EMEAR Monthly Talos Update: Wiper malware

Cisco Talos and Cisco Secure are launching a new video series to fill you in on the latest cybersecurity trends. We’re thrilled to launch our first video in the new Talos Threat Update series, which you can watch above or over at this link, where Martin Lee and Hazel Burton talk about wiper... [[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (May 12, 2022) — Mandatory MFA adoption is great, but is it too late?

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Mandatory multi-factor authentication is all the rage nowadays. GitHub just announced that all contributors would have to enroll in MFA by 2023 to log into their accounts. And Google announced as part of... [[ This is only the beginning! Please visit the blog for the complete entry ]]

CVE-2022-26020: TALOS-2022-1474 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-21182: TALOS-2022-1472 || Cisco Talos Intelligence Group

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-26518: TALOS-2022-1501 || Cisco Talos Intelligence Group

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-21809: TALOS-2022-1468 || Cisco Talos Intelligence Group

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.

CVE-2022-26510: TALOS-2022-1495 || Cisco Talos Intelligence Group

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-27172: TALOS-2022-1496 || Cisco Talos Intelligence Group

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2021-40399: TALOS-2021-1412 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.