Last October, Cisco announced a security vulnerability in their Duo Authentication for Windows Logon and RDP that impacted releases 4.0 through 4.2. In April, Cisco delivered a new release and a fix for CVE-2024-20292.
SECURITY BULLETIN: Cisco Duo Authentication for Windows Logon and RDP Information Vulnerability (CVE-2024-20292)
Systems Engineering is aware of three Vulnerabilities affecting the Cisco ASA; Cisco Adaptive Security Appliance Web Service Denial of Service Vulnerability - CVE-2024-20353, Cisco Adaptive Security Appliance Command Injection Vulnerability - CVE-2024-20358, and Cisco Adaptive Security Appliance Persistent Local Code Execution Vulnerability - CVE-2024-20359.
Systems Engineering is aware of two vulnerabilities, the Fortinet FortiClient EMS Pervasive SQL injection in DAS component (CVE-2023-48788) and FortiClient EMS - CSV injection in the log download feature (CVE-2023-47534).
SECURITY ALERT: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
Systems Engineering is aware of the group of Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities, CVE: CVE-2024-20252.
SECURITY ALERT: FortiOS Critical Remote Code Execution (CVE-2024-21762 & CVE-2024-23113)
Systems Engineering is aware of two Critical Vulnerabilities, the Fortinet FortiOS - Out-of-bound Write in sslvpnd (CVE-2024-21762) and FortiOS - Format String Bug in fgfmd (CVE-2024-23113).
Beginning this month, February 2024, Microsoft will start enforcing certain Conditional Access policies automatically for all Microsoft 365 and Office 365 customers. More details are provided below.
SECURITY ALERT: Cisco Unified Communications Products Remote Code Execution Vulnerability
Systems Engineering is aware of the Cisco Unified Communications Products Remote Code Execution Vulnerability, CVE: CVE-2024-20253.