Warning Against Cisco IOS XE Software Web UI Vulnerabilities (CVE-2023-20198, CVE-2023-20273) Posted By ryushsh , October 30, 2023 Overview This month, Cisco released a security advisory regarding two vulnerabilities currently being actively exploited in actual attacks: CVE-2023-20198 and CVE-2023-20273. These vulnerabilities are present in the web UI feature of Cisco IOS XE Software. The CVE-2023-20198 vulnerability allows an unauthorized threat actor to create an arbitrary account with level 15 privileges, which is the highest level of access permission possible, and take control over the system. The CVE-2023-20273 vulnerability allows command injection which enables malicious content to be written…
Windows MSDT Zero-day Vulnerability ‘DogWalk’ Detected by V3 Posted By jcleebobgatenet , June 23, 2022 On June 8th, a new Windows Zero-day vulnerability named DogWalk was revealed by Hacker News (thehackernews.com). Similar to that of Follina vulnerability that targeted MS Office document files, this is a vulnerability that occurs from MSDT (Microsoft Support Diagnostic Tool), and it has a risk of copying malware in Windows Startup folder upon running the compressed “.diagcab” extension file. Although PC has to be restarted for the malicious file to operate, users are exposed to attacks since no patch has…
