Rewterz

Rewterz Threat Advisory – CVE-2021-1230 – Cisco Nexus 9000 Series Fabric Switches denial of service

February 26, 2021
Rewterz

Rewterz Threat Advisory – Microsoft Remote Desktop Web Access information disclosure

March 1, 2021

Rewterz Threat Advisory – CVE-2021-22661 – ICS:ProSoft Technology ICX35

Severity

High

Analysis Summary

CVE-2021-22661

Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password.

Impact

  • Privilege escalation
  • Access Controls

Affected Vendors

ProSoft Technology

Affected Products

  • ICX35-HWC-A Versions 1.9.62 and prior
  • ICX35-HWC-E Versions 1.9.62 and prior

Remediation

ProSoft Technology recommends users update the product’s firmware to Version 1.10.30

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.