MA-974.092023: MyCERT Advisory - Cisco Security Advisories Published on 27 September 2023

  • 29 Sep 2023
  • Advisory
  • cisco, ios, zero day, update

1.0 Introduction

Recently, Cisco has released security advisories for vulnerabilities affecting multiple Cisco products.

2.0 Impact
A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
Multiple Cisco products.

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates:

1) Cisco Catalyst SD-WAN Manager Vulnerabilities - SIR: Critical
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

2) Cisco IOS XE Software Web UI Command Injection Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy

3) Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-l2tp-dos-eB5tuFmV

4) Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appqoe-utd-dos-p8O57p5y

5) Cisco DNA Center API Insufficient Access Control Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-ins-acc-con-nHAVDRBZ

6) Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlre-H93FswRz

7) Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cat3k-dos-ZZA4Gb3r

8) Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability - SIR: High
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm

9) Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx

10) Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3

11) Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD

12) Cisco Catalyst 9100 Access Points Denial of Service Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-click-ap-dos-wdcXkvnQ

13) Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-dos-capwap-DDMCZS4m

14) Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability - SIR: Medium
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x
 

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0 References

MA-970.092023: MyCERT Advisory - Apple Releases Security Updates for iOS and macOS

  • 16 Sep 2023
  • Advisory
  • apple, ios, macos, ipados, tvos, update

1.0 Introduction

Recently, Apple has released security updates to address a vulnerability in multiple products.

2.0 Impact
A cyber threat actor could exploit this vulnerability to take control of an affected device.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Kindly refer to the following:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References
https://www.cisa.gov/news-events/alerts/2023/09/12/apple-releases-security-updates-ios-and-macos

MA-962.082023: MyCERT Advisory - Fortinet Releases Security Update for FortiOS

  • 11 Aug 2023
  • Advisory
  • fortinet, fortiOS, update

1.0 Introduction

Recently, Fortinet has released a security update to address a vulnerability (CVE-2023-29182) affecting FortiOS.

2.0 Impact
A remote attacker can exploit this vulnerability to take control of an affected system.

3.0 Affected Products

  • FortiOS version 7.0.0 through 7.0.3
  • FortiOS 6.4 all versions
  • FortiOS 6.2 all versions

4.0 Recommendations
MyCERT encourages users and administrators to review the Fortinet security release [FG-IR-23-149] and apply the necessary updates.

Kindly refer to the following URL for more information: https://www.fortiguard.com/psirt/FG-IR-23-149

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References

MA-955.072023: MyCERT Advisory - Fortinet Releases Security Update for FortiOS and FortiProxy

  • 13 Jul 2023
  • Advisory
  • fortinet, fortiproxy, fortiOS, update, vulnerability, exploit

1.0 Introduction

Recently, Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy.

2.0 Impact
A remote attacker can exploit this vulnerability to take control of an affected system.

3.0 Affected Products
FortiOS and FortiProxy

4.0 Recommendations
MyCERT encourages users and administrators to review the Fortinet security release FG-IR-23-183 and apply the necessary updates.

Kindly refer to https://www.fortiguard.com/psirt/FG-IR-23-183

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References
https://www.fortiguard.com/psirt/FG-IR-23-183

MA-947.062023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 27 Jun 2023
  • Advisory
  • apple, iOS, iPadOS, macOS, watchOS, update, security

1.0 Introduction

Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device:

  • CVE-2023-32434: An integer overflow vulnerability in the Kernel that could be exploited by a malicious app to execute arbitrary code with kernel privileges.
  • CVE-2023-32435: A memory corruption vulnerability in WebKit that could lead to arbitrary code execution when processing specially crafted web content.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Kindly refer to the following URLs:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.

To update, please refer:


5.0 References

MA-942.062023: MyCERT Advisory - Fortinet Fixes Critical RCE Flaw in Fortigate SSL-VPN Devices

  • 15 Jun 2023
  • Advisory
  • fortinet, fortiOS, fortigate

1.0 Introduction

Recently, Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2023-27997) in FortiOS and FortiProxy.

2.0 Impact
An attacker could exploit this vulnerability to take control of an affected system.

3.0 Affected Products

  • FortiOS-6K7K version 7.0.10
  • FortiOS-6K7K version 7.0.5
  • FortiOS-6K7K version 6.4.12
  • FortiOS-6K7K version 6.4.10
  • FortiOS-6K7K version 6.4.8
  • FortiOS-6K7K version 6.4.6
  • FortiOS-6K7K version 6.4.2
  • FortiOS-6K7K version 6.2.9 through 6.2.13
  • FortiOS-6K7K version 6.2.6 through 6.2.7
  • FortiOS-6K7K version 6.2.4
  • FortiOS-6K7K version 6.0.12 through 6.0.16
  • FortiOS-6K7K version 6.0.10
  • FortiProxy version 7.2.0 through 7.2.3
  • FortiProxy version 7.0.0 through 7.0.9
  • FortiProxy version 2.0.0 through 2.0.12
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • FortiOS version 7.2.0 through 7.2.4
  • FortiOS version 7.0.0 through 7.0.11
  • FortiOS version 6.4.0 through 6.4.12
  • FortiOS version 6.2.0 through 6.2.13
  • FortiOS version 6.0.0 through 6.0.16

4.0 Recommendations
MyCERT encourages users and administrators to review Fortinet security advisory FG-IR-23-097 and apply the necessary updates. For more information, see Fortinet's Analysis of CVE-2023-27997 and Clarifications on Volt Typhoon Campaign.

Kindly refer to the URLs below:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References

MA-918.042023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 04 Apr 2023
  • Advisory
  • apple, security, update, iOS, iPadOS, macOS, tvOS, watchOS, safari

1.0 Introduction
Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the following advisories and apply the necessary updates.

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References

MA-913.032023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 14 Mar 2023
  • Advisory
  • apple, ios, ipados, safari, macos, update, security

1.0 Introduction

Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References

MA-910.022023: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 17 Feb 2023
  • Advisory
  • apple, security, updates, iOS, macOS, iPadOS, watchOS, Safari

1.0 Introduction

Recently, Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit these vulnerabilities to take control of an affected device.

3.0 Affected Products

•   Safari 16.3.1
•   iOS 16.3.1 and iPadOS 16.3.1
•   macOS 13.2.1

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
•   Safari 16.3.1 - https://support.apple.com/kb/HT213638
•   iOS 16.3.1 and iPadOS 16.3.1 - https://support.apple.com/kb/HT213635
•   macOS 13.2.1 - https://support.apple.com/kb/HT213633

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/apple-releases-security-updates-multiple-products

MA-896.122022: MyCERT Advisory - Apple Releases Security Updates for Multiple Products

  • 15 Dec 2022
  • Advisory
  • apple, iOS, iPadOS, macOS, tvOS, watchOS, safari, update, software, security

1.0 Introduction

Apple has released security updates to address vulnerabilities in multiple products.

2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.

3.0 Affected Products

  • Safari 16.2
  • iCloud for Windows 14.1
  • macOS Monterey 12.6.2
  • macOS Big Sur 11.7.2
  • tvOS 16.2
  • watchOS 9.2
  • iOS 15.7.2 and iPadOS 15.7.2
  • iOS 16.2 and iPadOS 16.2
  • macOS Ventura 13.1

4.0 Recommendations
MyCERT encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible.

The Apple security updates page is available at:
https://support.apple.com/en-us/HT201222

Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


5.0 References
