Cisco ASA 5500 Series DoS - I lost track of how many times I've been taunted with the words, "I'm gonna DoS your firewall!" Oh wait, that was just something I heard in the movies and on TV. Turns out it's a reality if you're using an ASA firewall configured with IPv6. I wonder just how many more vulnerabilities are going to crop up for IPv6 protocol stacks (we even see IPv4 vulnerabilities crop up now and again!).
MikroTik Winbox Less Than 5.17 File Download DoS - "An unauthenticated, remote attacker may make multiple requests to download a large file, resulting in the service becoming unresponsive." MikroTik makes some super cool hardware too, including fantastic wireless access points. They have their own operating system called RouterOS; however, this vulnerability is in a utility called Winbox used to configure the operating system.
HAProxy Trash Buffer Overflow Vulnerability - HAProxy is a load balancer, and you have to make sure this type of device is always patched, as even DoS vulnerabilities can be severe (though this one happens to be a buffer overflow). There are some mitigating circumstances: "It requires that the global.tune.bufsize option is set to a value greater than default and that header rewriting is configured."
Quagga Less Than 0.99.19 Vulnerabilities - For those that may not know: "Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro." We recently published quite a few plugins to detect vulnerabilities on this platform.
Users enraged by Cisco's cloudy 'upgrade' to Linksys routers - This comment from a user sums it up nicely: "I was actually really looking forward to the potential for the cloud apps on the 4500. What I see now is a serious deficiency in having to be forced to go through the cloud for basic router functionality. The interface is pretty but functionally inferior and slow to do edits with. Honestly, it is a real let down. But to restrict functionality and access to functions UNLESS signed into the cloud? No way Jose. Cisco, you are a hardware manufacturer, NOT my network administrator by proxy."
eHarmony Password Dump Analysis - Okay, I'm going to rant again about password length: "The most popular length of password was seven characters. Followed closely by six characters and eight characters. Expectedly, the percentages drop drastically as you go higher in length." 23% of the passwords were 7 characters, 0.5% were 14 characters.