Cisco has issued a critical update for its Video Surveillance Manager (VSM) appliance to fix a default password vulnerability. If exploited, the vulnerability could allow an unauthenticated user to log in using the root account, which has default, static user credentials, allowing the attacker to execute arbitrary commands as the root user, Cisco reported. The issue has been patched with VSM version 7.12, which can be downloaded here. The issue, CVE-2018-15427, affects VSM versions 7.10, 7.11, and 7.11.1, but only when the software is preinstalled by Cisco and running on the following Cisco Connected Safety and Security Unified Computing System platforms:
SonicWall has disclosed active exploitation of a nearly half-decade-old, high-severity operating system command injection flaw in its SMA100 remote-access appliance, tracked as CVE-2021-20035, after being notified by one of its partners, Cybersecurity Dive reports.
Apple has issued updates to address a pair of zero-day vulnerabilities affecting iOS, macOS, iPadOS, tvOS, and visionOS, which were leveraged in a highly advanced and targeted iPhone attack, according to BleepingComputer.