Wednesday, March 11, 2026

Review - Missed CISA Advisory – 3-10-26

Yesterday I published a post describing three vulnerabilities and three updates published by CISA’s NCCIC-ICS. That post was based upon an email from CISA, “CISA Releases Six Industrial Control Systems Advisories”, which is available here, and was confirmed by Tweet on X. Today, when I checked CISA’s “ICS Advisories” page which lists four advisories being published by CISA yesterday, including an advisory for “Ceragon Siklu MultiHaul and EtherHaul Series” (ICSA-26-069-04) that was not described in yesterday’s post. Researching this advisory led me to a second vulnerability in the same products.

Ceragon Advisory

This advisory describes an unrestricted upload of file with dangerous type vulnerability (with publicly available exploit) in the Ceragon Siklu MultiHaul and EtherHaul Series microwave antennas.

 

For more information on this advisory, including a down-the-rabbit-hole discovery of a second vulnerability reported by the same researcher, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/missed-cisa-advisory-3-10-26 - subscription required.
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
/* Use this with templates/template-twocol.html */