Security Advisory – Atlassian’s April 2024 Software Vulnerability Updates (Multiple CVEs)

Atlassian’s April 2024 security bulletin details seven high-severity vulnerabilities affecting various software, including Bamboo, Confluence, and Jira Data Centers and Servers. These issues range from server-side request forgery (SSRF) to denial of service (DoS) attacks, caused by dependencies like Spring Web and Amazon Ion. Atlassian has released updated versions to address these vulnerabilities and recommends…

Security Advisory – Mitel SIP Phones Information Disclosure Vulnerability (CVE-2024-31967)

Mitel has reported an information disclosure vulnerability (CVE-2024-31967) affecting their 6800, 6900, and 6900w Series SIP Phones, including the 6970 Conference Unit. This vulnerability could allow unauthorized access to user information and phone configuration. Affected devices should be updated to the latest firmware versions to mitigate the risk. The issue was identified by Kevin Joensen…

Security Advisory – Mitel SIP Phones Argument Injection Flaw (CVE-2024-31966)

A newly disclosed argument injection vulnerability, CVE-2024-31966, affects Mitel 6800, 6900, and 6900w Series SIP Phones, including the 6970 Conference Unit. This vulnerability could potentially allow unauthorized command execution or data access. Mitel has issued software updates to address this medium-risk vulnerability and advises customers to upgrade their devices to the latest versions. For full…

Security Advisory – Mitel Path Traversal Vulnerability in SIP Phones (CVE-2024-31965)

Mitel has issued a security advisory for a path traversal vulnerability (CVE-2024-31965) affecting the 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit. This flaw could enable unauthorized access to sensitive information. Mitel recommends updating to the latest software releases for mitigation. This vulnerability has been given a medium risk…

Security Advisory – Mitel SIP Phones Authentication Bypass Risk (CVE-2024-31964)

An authentication bypass vulnerability identified in Mitel 6800, 6900, and 6900w Series SIP Phones, including the 6970 Conference Unit (CVE-2024-31964), could allow unauthorized configuration changes and potential service disruptions. The issue, highlighted by Kevin Joensen of CSIS, affects certain software versions. Mitel has responded by providing software updates and encourages affected users to upgrade to…

Security Advisory – Mitel SIP Phones Vulnerability Alert (CVE-2024-31963)

A buffer overflow vulnerability (CVE-2024-31963) has been identified in several Mitel SIP phone models, specifically the 6800 Series, 6900 Series, and 6900w Series, including the 6970 Conference Unit. This security flaw could allow a malicious actor to cause a denial of service state. Mitel has rated this vulnerability as medium risk and advises affected customers…

Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability

Cisco Security Advisory: A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability…

Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability

Cisco Security Advisory: A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. This vulnerability…

Cisco Integrated Management Controller CLI Command Injection Vulnerability

Cisco Security Advisory: A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is…
