Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their Updates Channel.

Multiple vulnerabilities were found in the desktop version of Google Chrome prior to version 123.0.6312.86.

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

An authenticated victim who is connected to the network must be tricked or persuaded to connect to a malicious SQL database using their SQL client application.

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox.

An attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website.

ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.

CRN®, a brand of The Channel Company, has named Cornerstone.IT to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2024.

Leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim’s behalf.

A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.

Cornerstone.IT