This week we have four vendor disclosures from BD, Moxa, and Dell (2). There is an exploit report for a product from Pulse Secure.
BD Advisory
BD published an advisory discussing the SUNBURST vulnerability. BD reports that none of their products deployed at customer sites contain SolarWinds Orion products.
Moxa Advisory
Moxa published an advisory discussing the Amnesia:33 vulnerabilities. Moxa reports that none of their products are affected.
Dell Advisories
Dell published an advisory describing two insecure default configuration vulnerabilities in their Wyse Thin Client devices. The vulnerabilities were reported by CyberMDX. Dell has updates that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
NOTE: Thanks to @ICS_SCADA (Marc Ayala) for pointing out that these are used in ICS environments.
Dell published an advisory describing three vulnerabilities in their Wyse Management Suite. The vulnerabilities were reported by Khalid Latifi. Dell has an update that mitigates the vulnerabilities. There is no indication that Latifi has been provided an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Cross-site scripting (2) - CVE-2020-29496 and CVE-2020-29497, and
• Open redirect - CVE-2020-29498
Pulse Secure Exploit
h00die published a Metasploit module for a remote code execution vulnerability in the Pulse Secure VPN. There is no CVE included in the published notice so this may be a 0-day vulnerability.