Tanzania Computer Emergency Response Team

CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

20th October 2023

Advisory No: TZCERT/SA/2023/10/20 Date of First Release: 20th October 2023 Source: CISCO Software Affected: Cisco IOS XE Software Overview: Cisco has issued an advisory detailing a Zero-Day vulnerability which has resulted to active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when …

Cisco Security Update

18th October 2023

Cisco has released security updates to address a vulnerability in Cisco IOS XE Software. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review the Cisco Security Advisory and apply necessary updates.

Chrome Security Update

18th October 2023

Google has released security updates to address vulnerabilities in Chrome Dev for Desktop. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review Chrome Security Releases and apply necessary updates.

Oracle Linux Security Update

18th October 2023

Oracle has released security updates to address vulnerabilities in Oracle Linux OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review Oracle Security Advisories dated 17th October 2023 and apply necessary updates.

SUSE Security Update

18th October 2023

SUSE has released security updates to address vulnerabilities in SUSE OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are encouraged to review SUSE Security Advisories dated 17th October 2023 and apply necessary updates.

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

Cisco Security Update

Chrome Security Update

Oracle Linux Security Update

SUSE Security Update

Subscribe to Receive Regular Updates

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

OS Command Injection Vulnerability in PAN-OS GlobalProtect (CVE-2024-3400)

Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

AIKit 4.14.1 Authenticated SQL Injection (CVE-2024-31370)

Critical remote code execution vulnerability in XZ Library (CVE-2024-3094)