Saturday, November 16, 2024

Review – Public ICS Disclosures – Week of 11-9-24 – Part 1

This week, for Part 1, we have 28 vendor disclosures from Broadcom (11), Eaton (2), FortiGuard (11), and HP (6).

Advisories

Broadcom Advisory #1 - Broadcom published an advisory that describes a key exchange without entity authentication vulnerability in their Brocade Fabric OS.

Broadcom Advisory #2 - Broadcom published an advisory that describes an unencrypted password storage vulnerability in their Brocade Fabric OS.

Broadcom Advisory #3 - Broadcom published an advisory that describes a privilege escalation vulnerability in their Brocade Fabric OS.

Broadcom Advisory #4 - Broadcom published an advisory that discusses a command injection vulnerability in their Brocade Fabric OS, Brocade SANnav, and Brocade Support Link products.

Broadcom Advisory #5 - Broadcom published an advisory that discusses an improper authentication vulnerability (with a publicly available exploit) in their Brocade Fabric OS, Brocade SANnav, and Brocade Support Link products.

Broadcom Advisory #6 - Broadcom published an advisory that discusses a use-after-free vulnerability (that is listed in CISA’s Known Exploited Vulnerability catalog) in their Brocade Fabric OS and Brocade Support Link products.

Broadcom Advisory #7 - Broadcom published an advisory that discusses an excessive iteration vulnerability in their Brocade Fabric OS and Brocade Support Link products.

Broadcom Advisory #8 - Broadcom published an advisory that discusses an unchecked input for loop condition vulnerability in their Brocade Fabric OS and Brocade Support Link products.

Broadcom Advisory #9 - Broadcom published an advisory that discusses an out-of-bounds write vulnerability in their Brocade Fabric OS and Brocade Support Link products.

Broadcom Advisory #10 - Broadcom published an advisory that discusses an out-of-bounds read vulnerability in their Brocade Fabric OS and Brocade Support Link products.

Broadcom Advisory #11 - Broadcom published an advisory that discusses an improper restriction of operations within the bounds of a memory buffer vulnerability (with publicly available exploit) in their Brocade Fabric OS and Brocade Support Link.

Eaton Advisory #1 - Eaton published an advisory that discusses the regreSSHion vulnerability in their NM2 product.

Eaton Advisory #2 - Eaton published an advisory that discusses seven vulnerabilities in their Eaton i-WIFI01 product.

FortiGuard Advisory #1 - FortiGuard published an advisory that describes a path traversal vulnerability in their FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData products.

FortiGuard Advisory #2 - FortiGuard published an advisory that describes a missing authentication for critical function vulnerability in multiple FortiGuard products.

FortiGuard Advisory #3 - FortiGuard published an advisory that describes a session fixation vulnerability in their FortiOS product.

FortiGuard Advisory #4 - FortiGuard published an advisory that describes a heap-based buffer overflow vulnerability in their FortiOS product.

FortiGuard Advisory #5 - FortiGuard published an advisory that describes an exposure of personal information to an unauthorized actor vulnerability in their FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData products.

FortiGuard Advisory #6 - FortiGuard published an advisory that describes a command injection vulnerability in their FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData CLI products.

FortiGuard Advisory #7 - FortiGuard published an advisory that describes a relative path traversal vulnerability in FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData products.

FortiGuard Advisory #8 - FortiGuard published an advisory that describes a relative path traversal vulnerability in FortiManager, FortiAnalyzer, and FortiAnalyzer-BigData products.

FortiGuard Advisory #9 - FortiGuard published an advisory that describes a client-side enforcement of server-side security vulnerability in their FortiAnalyzer product.

FortiGuard Advisory #10 - FortiGuard published an advisory that describes an improperly implemented security check for standard vulnerability in their FortiOS and FortiProxy SSL-VPN web user interface.

FortiGuard Advisory #11 - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in their FortiManager, FortiAnalyzer and FortiAnalyzer-BigData CLI.

HP Advisory #1 - HP published an advisory that discusses three vulnerabilities in multiple HP products.

HP Advisory #2 - HP published an advisory that discusses three vulnerabilities in multiple HP products.

HP Advisory #3 - HP published an advisory that discusses four vulnerabilities in multiple HP products.

HP Advisory #4 - HP published an advisory that discusses two vulnerabilities in multiple HP products.

HP Advisory #5 - HP published an advisory that describes two uncontrolled search path element vulnerabilities in multiple HP products.

HP Advisory #6 - HP published an advisory that discusses an incorrect default permission vulnerability in multiple HP products.

 

For more information on these disclosures, including links to 3rd party reports, researcher reports and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-117 - subscription required.
