Critical Vulnerabilities in Sophos XGS Firewalls fixed – 12/2024

2024-12-20 On 2024/12/19 Sophos has released following vulnerabilities XGS Firewall: CVE-2024-12727 CVSS: 9.8CVE-2024-12728 CVSS: 9.8CVE-2024-12729 CVSS: 8.8 Sophos provides further information under the following link:https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce In customer environments set up by VIVAVIS, the relevant features of the XGS firewalls are not active or not released from the Internet. In addition, Sophos has already released hotfixes […]

Continue reading

High severity vulnerabilities in Veeam Backup & Replication 12/2024

05 December 2024  On 04 December 2024, Veeam published several, in parts high severity vulnerabilities related to their Veeam Backup & Replication data backup solution. All Veeam Backup & Replication versions < 12.3 are affected. The security gaps have been closed with the initial release 12.3.0.310 of Veeam Backup & Replication. For further details, please […]

Continue reading

Cisco: Several Vulnerabilities in ASA, Firepower and FTD Software 10/2024

2024-11-04 On 28 October 2024, Cisco published a large number of vulnerabilities for the Cisco Adaptive Security Appliance (ASA), Cisco Firepower and Cisco Firepower Threat Defense (FTD) software: According to the BSI’s warnings, the vulnerabilities can be grouped as follows: Cisco summarizes further information on all vulnerabilities on the following page: https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300 The vulnerabilities listed […]

Continue reading

Critical Vulnerabilities in Veeam Backup & Replication

06 September 2024  On 04 September 2024, Veeam published several, in parts critical vulnerabilities related to their Veeam Backup & Replication data backup solution. All Veeam Backup & Replication versions <= 12.1.2.172 are affected. The security gaps have been closed with the current version 12.2.0.334 of Veeam Backup & Replication. For further details, please refer […]

Continue reading

VIVAVIS – HIGH-LEIT RCE Vulnerability CVE-2024-38456

2024-09-02  In the course of a penetration test, Schutzwerk GmbH have discovered an RCE vulnerability in the HIGH-LEIT SCADA system from VIVAVIS. This vulnerability enables logged-on, non-privileged users of HIGH-LEIT to execute any given code with local system rights. To exploit this vulnerability, the “HL-InstallService” Windows service must be actively running. The following HIGH-LEIT versions […]

Continue reading

RDL vulnerability in Microsoft Server closed – CVE-2024-38077

On 9th August 2024, a vulnerability was published in the ‘Remote Desktop Licensing’ role service that allows unauthenticated attackers to remotely execute arbitrary code in the context of the service using a buffer overflow. Microsoft closed the vulnerability on Patchday July 2024 and rated the vulnerability as ‘high’ (CVSS score 9.8), but considers exploitation to […]

Continue reading

Warning about Microsoft security updates May 2024

May 17, 2024 On May 14, 2024, Microsoft rolled out the security update KB5037765 for Windows Server 2019 and Windows 10 as part of the monthly patchday. The security updates from the May Patchday fail on many “Windows Server 2019” systems with error number “0x800f0982”. There are also reports of installation errors for the KB5037765 […]

Continue reading

Cisco – Several vulnerabilities in ASA und Firepower FTD Software

2024-04-25  Cisco published the following three vulnerabilities for the Cisco Adaptive Security Appliance (ASA) software and the Cisco Firepower Threat Defense (FTD) software on 24.04.2024: – CVE-2024-20359 / CVSS: 6.0 – CVE-2024-20353 / CVSS: 8.6 – CVE-2024-20358 / CVSS: 6.0 Cisco has confirmed that the vulnerabilities CVE-2024-20359 and CVE-2024-20353 are already being exploited and strongly […]

Continue reading

Backdoor in upstream xz/liblzma in various LINUX/SOLARIS distributions – CVE-2024-3094

2024-02-04 In the upstream of the pack program “xz”, concerning the library “liblzma” in versions 5.6.x, a high-risk vulnerability has been actively introduced, which is used in various LINUX/SOLARIS distributions. This allows the authentication function of OpenSSH to be specifically forwarded to malicious code and enables direct access to the system. Our checks have shown […]

Continue reading

Paessler closes XSS vulnerability in PRTG – CVE-2023-51630 – Correction

2024-01-16 Paessler has closed the high-risk vulnerability CVE-2023-51630 in the network monitoring solution PRTG. The XSS vulnerability allows a remote attacker to bypass authentication and take over the session of an active user. Paessler has closed the vulnerability with the new PRTG version 24.1.90.1306 and published further details on https://www.paessler.com/prtg/history/stable. Although the vulnerability can only […]

Continue reading

Paessler closes XSS vulnerability in PRTG – CVE-2023-51630

2024-01-16 Paessler has closed the high-risk vulnerability CVE-2023-51630 in the network monitoring solution PRTG. The XSS vulnerability allows a remote attacker to bypass authentication and take over the session of an active user. Paessler has closed the vulnerability with the new PRTG version 23.4.90.1299 and published further details on https://www.paessler.com/prtg/history/stable. Although the vulnerability can only […]

Continue reading

Critical vulnerability fixed in Trend Micro Worry-Free Business Security

2023-09-21 Trend Micro has fixed the critical vulnerability CVE-2023-41179 in their Worry-Free Business Security solution and provides patch 2495 for version 10.0 SP1. Trend Micro publishes further details in this security bulletin. The Trend Micro Worry-Free Business Security instances delivered by VIVAVIS are operated in a secure network segment that is largely separated from the […]

Continue reading

Meinberg fixes several vulnerabilities in LANTIME Firmware – MBGSA-2023.04

2023-08-17                      Meinberg has released a new firmware version for the LANTIME M and LANTIME IMS series NTP time servers to close several vulnerabilities. Two of the 12 vulnerabilities are rated with a severity level high. The latest version is 7.08.002. For more information on vulnerabilities CVE-2023-2650, CVE-2023-29491, CVE-2023-28322, CVE-2023-28321, CVE-2023-28320, CVE-2023-28319, CVE-2023-1667, CVE-2023-2283, CVE-2023-0361, and […]

Continue reading

Meinberg fixes several Vulnerabilities in LANTIME Firmware – MBGSA-2023.02b

23/03/2023 Update        Security Advisory MBGSA-2023.02 has been updated by the vendor. Another not yet CVE-registered vulnerability was closed in the LTOS web interface. Since the vulnerability can only be exploited by privileged super users, Meinberg rates the severity as low, but recommends an update to firmware version 7.06.013, see updated Meinberg Advisory. 14/03/2023 Meinberg have […]

Continue reading
Call now
Call now +49 7243 218 0
Send Mail
Send Mail info@vivavis.com
Locations & Contact
Locations & Contact Explore now