164 matches found
KRACK Vulnerability Puts Medical Devices At Risk
A slew of devices from medical technology company Becton, Dickinson and Company BD are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in...
BD Pyxis
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Public exploits are available. Vendor : Becton, Dickinson and Company BD Equipment : Certain BD Pyxis Products Vulnerability : Reusing a Nonce 2. RISK EVALUATION Successful exploitation of this vulnerability could allow data traffic manipulation,...
pfSense < 2.3.5 Multiple Vulnerabilities (KRACK)
According to its self-reported version number, the remote pfSense install is affected by multiple vulnerabilities as stated in the referenced vendor advisories. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid109037; scriptversion"1.13";...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.30 and fixes at least the following security issues: The KPTI mitigation for Meltdown CVE-2017-5754 on 32bit x86 has been updated to revision 4. A flaw was found in the Linux kernel implementation of 32 bit syscall interface for bridging allowing a...
Debian: Security Advisory (DLA-1150-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : hostapd (2017-fc21e3856b) (KRACK)
Latest hostapd release with KRACK patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 27 : 1:wpa_supplicant (2017-f45e844a85) (KRACK)
Fix the for the Key Reinstallation Attacks ========================================== - hostapd: Avoid key reinstallation in FT handshake CVE-2017-13082 - Fix PTK rekeying to generate a new ANonce - Prevent reinstallation of an already in-use group key and extend protection of GTK/IGTK...
HPSBPI03574 rev. 2 - WPA, WPA2 Key Reinstallation Attacks (KRACK attacks) Potential Remote Disclosure of Information: Certain HP Enterprise Printer and MFP products, Certain HP PageWide Printer and MFP Products, HP Jetdirect Accessory Products
Potential Security Impact Remote disclosure of information. Source:Mathy Vanhoef of imec-DistriNet, KU Leuven VULNERABILITY SUMMARY A potential security vulnerability has been identified with certain HP Printers and MFPs, and HP JetDirect Networking accessories using WPA or WPA2. This vulnerabili...
HP Printing Security Advisory - KRACK Attacks Potential Vulnerabilities
Potential Security Impact KRACK Attacks VULNERABILITY SUMMARY On October 16, security researchers publicly announced vulnerabilities in the WiFi WPA2 standard. See the References section below for links to additional resources describing the KRACK Attacks WPA2 potential vulnerabilities in detail...
Juniper ScreenOS 6.3 SSG-5 and SSG-20 (KRACK)
The version of Juniper ScreenOS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper's products do not support Fast BSS Transition...
Junos OS 12.1X46 SRX 210, 240, 650 series firewalls (KRACK)
The version of Juniper Junos OS installed on the remote host is affected by multiple vulnerabilities related to the KRACK attacks. This may allow an attacker to decrypt, replay, and forge some frames on a WPA2 encrypted network. Note that Juniper's products do not support Fast BSS Transition...
Security Bulletin: NVIDIA Linux for Tegra (L4T) “KRACK” vulnerabilities
Vulnerability Details The following section summarizes the vulnerabilities. Descriptions use CWE™ and risk assessments follow CVSS. CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 L4T ships with a...
PEPPERL+FUCHS/ecom instruments WLAN Capable Devices using the WPA2 Protocol
CVSS v3 8.1 ATTENTION: Low skill level is needed to exploit. Public exploits are available. Vendor: PEPPERL+FUCHS/ecom instruments Equipment: WLAN capable devices using the WPA2 Protocol Vulnerabilities: Reusing a Nonce AFFECTED PRODUCTS PEPPERL+FUCHS/ecom instruments reports that these...
openSUSE Security Update : kernel-firmware (openSUSE-2017-1317) (KRACK)
This update for kernel-firmware fixes the following issues : - Update Intel WiFi firmwares for the 3160, 7260 and 7265 adapters. Security issues fixed are part of the 'KRACK' attacks affecting the firmware : - CVE-2017-13080: The reinstallation of the Group Temporal key could be used for replay...
About the security content of AirPort Base Station Firmware Update 7.7.9 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of AirPort Base Station Firmware Update 7.6.9
About the security content of AirPort Base Station Firmware Update 7.6.9 This document describes the security content of AirPort Base Station Firmware Update 7.6.9. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an...
About the security content of AirPort Base Station Firmware Update 7.7.9
About the security content of AirPort Base Station Firmware Update 7.7.9 This document describes the security content of AirPort Base Station Firmware Update 7.7.9. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an...
SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16649: The usbnetgenericcdcbind function in drivers/net/usb/cdcether.c in the Linux kernel allowed local users to cause a denial of service...
openSUSE: Security Advisory for kernel-firmware (openSUSE-SU-2017:3144-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3158-1) (KRACK)
This update for the Linux Kernel 3.12.74-606460 fixes several issues. The following security issues were fixed : - CVE-2017-15649: net/packet/afpacket.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data structures,...