TTCSIRT-323.07.14.20: TT-CSIRT ADVISORY- Vulnerability in Windows DNS
Microsoft has released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base…
TTCSIRT-322.07.08.20: TT-CSIRT ADVISORY- PALOALTO OS COMMAND INJECTION VULNERABILITY
An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of…
TTCSIRT-321.07.08.20: TT-CSIRT ADVISORY- CITRIX MULTIPLE VULNERABILITIES
Multiple vulnerabilities have been discovered in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if…
TTCSIRT-320.07.06.20: TT-CSIRT ADVISORY- F5 BIG-IP VULNERABILITY
The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. This vulnerability allows for unauthenticated attackers, or authenticated…
TTCSIRT-319.06.30.20: TT-CSIRT ADVISORY – PAN-OS AUTHENTICATION BYPASS IN SAML AUTHENTICATION
Palo Alto reported a very critical (Severity 10) authentication vulnerability which affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier…
TTCSIRT-318.06.24.20: TT-CSIRT ADVISORY – VMWARE ESXI, WORKSTATION AND FUSION VULNERABILITIES
Multiple vulnerabilities exist in VMware ESXi, Workstation and Fusion. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability…