We’d like to notify you of the upcoming Ruckus Cloudpath upgrade. It will be carried out between 6pm on 12 January and 8am on 13 January and it’s expected to cause an outage, meaning schools that have migrated to Secure Access will be unable to access the Wi-Fi...
Advisory: RUCKUS access point vulnerability
We’re aware of a vulnerability in the web-based interface used to manage RUCKUS access points that could allow a remote attacker to execute a cross-site scripting (XSS) attack against a user logged on to the interface of the affected device. Please note that Equipment...
Notification: iPads connectivity issue
We’re aware of a global connectivity issue impacting version 15.6 iPad users. It’s a known issue that Apple is working on resolving and we’ll provide an update once a resolution is available. What you can doIf you have a managed iPad please reboot it and if it’s not...
Advisory: Active exploitation of two vulnerabilities (CVE-2022-47966 and CVE-2022-42475)
The US Government CISA has issued an advisory concerning active exploitation of these vulnerabilities earlier in the year.The Fortinet vulnerability (CVE-2022-42475) does not affect schools with N4L-managed Fortinet firewalls.If your school uses an on-premise Zoho...
Advisory: Office and Windows HTML Remote Code Execution vulnerability – CVE-2023-36884
Update 9 Aug 2023: Microsoft have released a patch to fix this vulnerability. You can find more information on this here. We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting Windows and Microsoft Office products. For an attacker to exploit...
Advisory: FortiGate Remote Code Execution vulnerability – CVE-2023-33308
We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting FortiGate devices running FortiOS and FortiProxy. The stack-based overflow vulnerability may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy...
Advisory: Aerohive wireless access points / Extreme Networks unauthenticated Remote Code Execution vulnerability – CVE-2023-35803
We’re aware of a Remote Code Execution (RCE) vulnerability affecting all Aerohive / Extreme Networks access points running HiveOS/Extreme IQ Engine before version 10.6r2. Research has indicated that potential cyber attackers can exploit this vulnerability by...
Advisory: Ruckus Unleashed authenticated Remote Command Execution vulnerability
We’re aware of a vulnerability in the web-based management interface of the Ruckus Unleashed product line that could allow an authenticated, remote attacker to execute arbitrary code on the Ruckus Unleashed system to make changes when “gateway mode” is enabled. Please...
Advisory: Ruckus ICX switch XSS and CSRF vulnerability
We’re aware of a vulnerability (CVE-2023-39904, CVE-2023-39905, CVE-2023-39906) in the web-based management interface of the Ruckus ICX switch product line that could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit...
Advisory: Google ChromeOS vulnerabilities (MS-ISAC 2023-095)
We’re aware of multiple vulnerabilities that have been discovered in Google ChromeOS, the most severe of which could allow a remote attacker to conduct arbitrary code execution. Depending on the privileges associated with the targeted user, an attacker could install...