Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial...
Cisco Identity Services Engine Unauthorized Access Vulnerability
A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.
An attacker who can connect to the Admin portal of an...
Cisco Identity Services Engine Privilege Escalation Vulnerability
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.
The vulnerability is due to incomplete input...
SYMSA1392-SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
Symantec Network ProtectionSy products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack. A remote attacker with the ability to observe a long-lived...
SYMSA1404-SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code. The attacker can also...
SYMSA1397-SA144 : OpenSSH Vulnerabilities January 2017
Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker with access to an SSH server can exploit these vulnerabilities to execute arbitrary code on an SSH client. A local attacker can also...
SYMSA1390-SA136 : OpenSSH Vulnerabilities
Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU...
SYMSA1387-SA135 : OpenSSL Vulnerabilities 10-Nov-2016
Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain SSL/TLS session key information.
SYMSA1389-SA134 : Linux Kernel Vulnerabilities Oct/Nov 2016
Blue Coat products that include a vulnerable version of the Linux kernel are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to cause denial of service through system crashes or...
SYMSA1382-SA132 : OpenSSL Vulnerabilities 22-Sep-2016 and 26-Sep-2016
Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to recover private DSA keys or execute arbitrary code through integer overflow and buffer overwrites. The attacker can also...
SYMSA1374-SA128 : Multiple PCRE Vulnerabilities
Blue Coat products that include vulnerable versions of the PCRE and GLib2 libraries are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information. The attacker can also cause denial...
SYMSA1351-SA117 : OpenSSL Vulnerabilities 1-Mar-2016
Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to decrypt live and recorded SSL sessions, cause denial of service through application crashes, and possibly execute arbitrary code. ...
SYMSA1349-SA112 : Linux Kernel Keyring Privilege Escalation
Blue Coat products that include affected versions of the Linux kernel and provide means for executing arbitrary code are susceptible to a privilege escalation vulnerability. A malicious local unprivileged user can exploit this vulnerability to escalate their privileges on...
SYMSA1423-SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017
Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can send a crafted X.509 certificate to cause unspecified impact. They can exploit, under certain circumstances, a computational flaw in the Montgomery squaring...
SYMSA1395-SA141 : OpenSSL Vulnerabilities 26-Jan-2017
Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information.
SYMSA1361-SA121 : OpenSSH Shell Command Restriction Bypass
Blue Coat products that include vulnerable versions of OpenSSH and enable X11 forwarding are susceptible to a command injection vulnerability due to insufficient input data sanitization. An authenticated remote attacker can exploit this vulnerability to bypass intended command restrictions...
Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018
On August 14, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed a vulnerability in the IP stack that is used by the Linux Kernel. This vulnerability...
Apple Releases Security Update for macOS Mojave
Original release date: September 24, 2018Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to...
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
Original release date: September 24, 2018NCCIC will conduct a series of webinars on protecting enterprise network infrastructure devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:Monday, September 24Thursday,...
한국어로
한국어로
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
