We’re aware of a critical vulnerability impacting XZ Utils, where malicious code was inserted into a library that could allow for remote code execution via Secure Shell Protocol (SSH). XZ is a general-purpose data compression format present in nearly every Linux...
Advisory: Microsoft Exchange Server and Outlook vulnerabilities
We're aware of two critical zero-day vulnerabilities impacting the following Microsoft products: Exchange Server (CVE-2024-21410) and Outlook (CVE-2024-21413). Microsoft has released security updates for both vulnerabilities. If you have an Exchange Server, we recommend...
Advisory: Apache Struts 2 vulnerability (CVE-2023-50164)
We’re aware of a vulnerability with the Apache Struts 2 application framework, which is used to develop web applications, that could allow an attacker to upload malicious files and achieve remote code execution (RCE) on the target server. Schools using products impacted...
Advisory: RUCKUS access point vulnerability
We’re aware of a vulnerability in the web-based interface used to manage RUCKUS access points that could allow a remote attacker to execute a cross-site scripting (XSS) attack against a user logged on to the interface of the affected device. Please note that Equipment...
Advisory: Active exploitation of two vulnerabilities (CVE-2022-47966 and CVE-2022-42475)
The US Government CISA has issued an advisory concerning active exploitation of these vulnerabilities earlier in the year. The Fortinet vulnerability (CVE-2022-42475) does not affect schools with N4L-managed Fortinet firewalls. If your school uses an on-premise Zoho...
Advisory: Google ChromeOS vulnerabilities (MS-ISAC 2023-095)
We’re aware of multiple vulnerabilities that have been discovered in Google ChromeOS, the most severe of which could allow a remote attacker to conduct arbitrary code execution. Depending on the privileges associated with the targeted user, an attacker could install...
Advisory: Ruckus ICX switch XSS and CSRF vulnerability
We’re aware of a vulnerability (CVE-2023-39904, CVE-2023-39905, CVE-2023-39906) in the web-based management interface of the Ruckus ICX switch product line that could allow a remote attacker to execute XSS and CSRF attacks against the user of the interface. To exploit...
Advisory: Ruckus Unleashed authenticated Remote Command Execution vulnerability
We’re aware of a vulnerability in the web-based management interface of the Ruckus Unleashed product line that could allow an authenticated, remote attacker to execute arbitrary code on the Ruckus Unleashed system to make changes when “gateway mode” is enabled. Please...
Advisory: New vulnerabilities affecting PaperCut MF/NG
PaperCut have released a new patch for PaperCut NG/MF to address multiple vulnerabilities which are currently being exploited. If you are using this product, we recommend you upgrade your PaperCut application to version 22.1.3. Please follow the instructions on...
Advisory: Aerohive wireless access points / Extreme Networks unauthenticated Remote Code Execution vulnerability – CVE-2023-35803
We’re aware of a Remote Code Execution (RCE) vulnerability affecting all Aerohive / Extreme Networks access points running HiveOS/Extreme IQ Engine before version 10.6r2. Research has indicated that potential cyber attackers can exploit this vulnerability by...