CND News and Blog

New Vulnerabilities Thursday 14 April


Monthly Patches are out for Palo Alto Networks. Quarterly Patches are out for Juniper. New Alerts for Cisco, Schneider Electric, and Linux.

Cisco

Cisco has published 23 new bulletins, 1 rated Critical, 13 High, and the rest Medium. There is also 1 updated bulletin, rated Critical.
More info.

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface. CVSSv3 score of 10.
More info.

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. CVSSv3 score of 8.6.
More info.

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent DoS. CVSSv3 score of 6.8.
More info.

A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a DoS. CVSSv3 score of 8.6.
More info.

Palo Alto Networks

Palo Alto Networks Monthly Patches are out, with 3 bulletins, 1 rated Medium, 1 Low, and 1 Informational.
More info.

An improper handling of exceptional conditions vulnerability exists in the DNS proxy feature of Palo Alto Networks PAN-OS software that enables a MITM to send specifically crafted traffic to the firewall that causes the service to restart unexpectedly. Repeated attempts to send this request result in DoS to all PAN-OS services by restarting the device in maintenance mode. CVSSv3 score of 5.9.
More info.

Juniper

Juniper Quarterly Patches are out, with 21 new bulletins.
More info.

Multiple vulnerabilities allow remote attackers to cause a DoS in Junos OS, Junos OS on SRX Series, and Junos OS Evolved. CVSSv3 scores of 7.5.
More info.

Multiple vulnerabilities exist in third-party software used in Juniper Networks Contrail Networking. Highest CVSSv3 score of 9.8.
More info.

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows a remote attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. CVSSv3 score of 7.4.
More info.

Schneider Electric

Several Schneider Electric products contain vulnerabilities being leveraged in ICS-oriented attack tools that are being tracked by Mandiant, DoE, and DHS.
More info.

Linux

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.


