Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands. […] Read More
BleepingComputer
Related Posts
Cisco Duo Device Health App Flaw Allows Directory Traversal Attacks
Cisco Duo Device Health App Flaw Allows Directory Traversal Attacks
The CryptoService function in the Cisco Duo Device Health Application for Windows has a vulnerability tracked as (CVE-2023-20229).
This might allow a low-privileged attacker to carry out directory traversal attacks and overwrite arbitrary files on a susceptible device.
Directory traversal, also known as Path traversal, is a type of HTTP attack that enables attackers to access restricted directories and run commands outside of the web server’s root directory.
An attacker just requires a web browser and some knowledge of where to look for any default files and directories on the system to conduct a directory traversal attack.
Cisco has issued software upgrades to address this vulnerability. There are no workarounds for this issue.
Details of the Vulnerability
The vulnerability tagged as (CVE-2023-20229) with a CVSS score of 7.1 with high severity range is caused due to insufficient input validation.
“An attacker could exploit this vulnerability by executing a directory traversal attack on an affected host,” Cisco said in its security advisory.
Upon successful exploitation, an attacker may be able to overwrite arbitrary files with SYSTEM-level privileges using a cryptographic key, causing a DoS issue or data loss on the impacted system.
Affected Products
The Cisco Duo Device Health Application for Windows is impacted. Cisco also confirms that this vulnerability does not impact Cisco Duo Device Health Application for macOS.
Fixes Available
Cisco has issued free software upgrades available to fix the problem.
Customers are encouraged to upgrade to an applicable fixed software release as soon as possible to remain secure.
Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.
The post Cisco Duo Device Health App Flaw Allows Directory Traversal Attacks appeared first on Cyber Security News.
Cyber Security News
Could AI’s doomsday be deferred?
Could AI’s doomsday be deferred?
Dr. Robert Blumofe, CTO at Akamai, sits down to talk about the AI doomsday versus a “very bad day” scenario. Dave shares a story from The Knowledge Project Podcast, where the host talks to Adam Robinson, a multifaceted individual known for his work as an author, educator, entrepreneur, and hedge fund advisor, and he talks about what is all incorporated into the term “stupidity.” Dave goes on to share that while most people may feel stupid when falling for a scam, this research suggests otherwise, and you should never feel that way for falling for any scam. Joe’s story comes from Hayley Compton at BBC, and is on a Facebook scam sneaking it’s way into a family’s home after a couple just had their first child. Our catch of the day comes from listener Michael, who shares an email he received that caught him off guard at first. Read More
The CyberWire
Critical RCE flaws found in SolarWinds access audit solution
Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges. […] Read More
BleepingComputer