Downfall processor leaks, Teams holes, VPN clients at risk, and more
discusses two attacks, collectively dubbed TunnelCrack, that exploit CVE-2023-36672 and CVE-2023-36673, and affect Cisco Secure Client AnyConnect VPN for iOS regardless of client configuration. Mathy Vanhoef, of KU Leuven, who co-authored the Usenix-accepted paper with colleagues at New York University and New York University Abu Dhabi, and reported the bugs to Cisco, also released exploit code and further details for these attacks.
Cisco described it thus: an attacker "can manipulate routing exceptions that are maintained by the client to redirect traffic to a device that they control without the benefit of the VPN tunnel encryption." That said, the biz reckoned suitable firewall rules, if necessary, are enough to defeat these diversions.
"For customers who have configured clients to allow local LAN access, Cisco recommends applying client firewall rules to allow access to necessary resources only," the networking giant said.
to fix a 6.4-CVSS-rated stack-based buffer overflow bug in FortiOS. It's tracked as CVE-2023-29182, and it can allow crooks to execute arbitrary code via specially crafted CLI commands and take full control of a compromised system.
yesterday to fix bugs affecting those devices.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," Google warned, adding that this vulnerability doesn't need any user interaction for exploitation. ®