05138803331

Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Khorasan Razavi, Iran

0

basket

  • فارسی
    • 0

    سبد خرید

    Last Articles

    article
    High level vulnerability in cisco
    فروردین ۷ , ۱۴۰۲
    Read more
    article
    CRITICAL level vulnerability inMicrosoft Outlook
    فروردین ۷ , ۱۴۰۲
    Read more
    article
    CRITICAL level vulnerability in WordPress plugin
    اسفند ۲۱ , ۱۴۰۱
    Read more

    Categories

    High level vulnerability in cisco

    High level vulnerability in cisco

    CVE-2022-20929
    Description
    A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.

    CNA: Cisco Systems, Inc

    Vector:  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Base Score: 7.8 HIGH

     

    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h

    Security News
    CRITICAL level vulnerability inMicrosoft Outlook

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Related Articles

    article
    high level vulnerability in Linux

    CVE-2022-2196 Description A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code […]

    Category:
    دی ۲۶ , ۱۴۰۱
    Read more
    article
    critical level & high level vulnerability in Cisco

    CVE-2023-20025 Description A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based […]

    Category:
    بهمن ۱۲ , ۱۴۰۱
    Read more
    article
    high level and critical vulnerability(10-13 December)

    CVE-2022-46609 Description Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. Base Score: 9.8 CRITICAL https://github.com/herry-zhang/Python3-RESTfulAPI/commit/1c2081dca357685b3180b9baeb7e761e9a10ca99 _______________________________ CVE-2022-44832 Description D-Link DIR-3040 device with firmware 120B03 was discovered to contain a […]

    Category:
    آذر ۲۸ , ۱۴۰۱
    Read more

    Contact us

    Address: Mashhad, Ferdowsi University of Mashhad, Faculty of Engineering, APA Specialized Center
    Phone number: 05138803331
    Working hours: 8 am to 4 pm
    cert@um.ac.ir

    Links

    © All rights reserved to APA Specialized Center of Ferdowsi University of Mashhad