Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products

Posted by & filed under Notifications.

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide range of Zyxel devices, including Unified Security Gateway (USG),…

Cisco discloses AnyConnect VPN Zero-Day – Exploit code available!

Posted by & filed under Notifications.

Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release. However, the Cisco AnyConnect Secure Mobility Client security flaw has…

FortiGate VPN Default Config Allows MitM Attacks

Posted by & filed under Notifications.

The client’s default configuration for SSL-VPN has a certificate issue, researchers said. Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle (MitM) attacks, according to researchers, where threat actors could intercept important data. According to the SAM IoT Security Lab, the FortiGate SSL-VPN client only verifies that the certificate used for client…