Cisco has released patches to fix a critical security flaw (CVE-2024-20253) affecting Unified Communications and Contact Center Solutions products, allowing remote attackers to execute arbitrary code on vulnerable devices. The flaw, discovered by security researcher Julien Egloff, affects several Cisco products, and there are no workarounds available. Users are urged to apply the patches or set up access control lists to limit access. This disclosure comes after Cisco recently addressed another critical vulnerability in Unity Connection.
Veeam ONE IT monitoring software has released security updates to address four critical vulnerabilities, including remote code execution and cross-site scripting flaws. Threat actors have previously exploited similar flaws in Veeam backup software to distribute malware. Users are advised to apply the patches and restart the affected services.
Juniper Networks has released an urgent security update to address multiple vulnerabilities in the J-Web component of Junos OS, which could allow remote code execution on affected devices. The four critical flaws affect all versions of Junos OS on SRX and EX Series, with a cumulative CVSS rating of 9.8. By exploiting these vulnerabilities, an unauthenticated attacker could remotely execute code on the devices. Users are advised to apply the necessary patches or disable J-Web to mitigate the risks.
ASUS has released firmware updates to fix nine security bugs, including two critical and six high-severity vulnerabilities, impacting a wide range of router models. The impacted products include GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000, GS-AX5400, GS-AX3000, XT9, XT8, XT8 V2, RT-AX86U PRO, RT-AX86U, RT-AX86S, RT-AX82U, RT-AX58U, RT-AX3000, TUF-AX6000, and TUF-AX5400. ASUS recommends users apply the latest updates as soon as possible to mitigate security risks and periodically audit their equipment.
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. The impacted devices include ATP, USG FLEX, USG FLEX50(W) / USG20(W)-VPN, VPN, and ZyWALL/USG. Security researchers from TRAPA Security and STAR Labs SG have been credited with discovering and reporting the flaws.
Cisco has released firmware updates to address nine security flaws in its Small Business Series Switches that could allow an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature. Cisco will not release firmware updates for some of the affected products as they have entered the end-of-life process. Users are recommended to apply the patches to mitigate potential threats.
