Overview: On May 15, 2019, local time, Cisco officially released a security advisory, announcing remediation of three critical remote code execution vulnerabilities (CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823) in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPN).
Category: Emergency Response
Adobe Releases May’s Security Updates Threat Alert
Overview: On May 14, 2019, local time, Adobe officially released May's security updates to fix multiple vulnerabilities in its various products, including Adobe Flash Player, Adobe Acrobat and Reader, and Media Encoder.
Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Threat Alert
Overview: On May 14, 2019, local time, Microsoft released security updates for May that address a critical remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The Remote Desktop Protocol (RDP) is not affected by this vulnerability. As the vulnerability may be exploited in worm-related attacks, users are advised to...
Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability Threat Alert
Overview: Cisco has released a security advisory, announcing the existence of a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A...
Microsoft’s Security Patches for May Fix 82 Security Vulnerabilities Threat Alert
Overview: Microsoft released May 2019 security patches on Tuesday that fix 82 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Kerberos, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine,...
Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert
1 Vulnerability Overview: On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker...




