Vulnerability summary for the week: October 2, 2020

This blog post provides a short overview of the most interesting vulnerabilities disclosed this week, including flaws affecting Cisco IOS XE Software, several WordPress themes, Foxit Reader and other Foxit software, and more.

Cisco has addressed two vulnerabilities (CVE-2020-3141 and CVE-2020-3425) in its IOS XE Software that could allow a remote attacker to escalate privileges on an affected device.

Libass, a portable subtitle renderer for the ASS/SSA (Advanced SubStation Alpha / SubStation Alpha) subtitle format, contains a high-risk vulnerability that a remote attacker could use to execute arbitrary code on a target system, for example by supplying a specially crafted subtitle file. The issue affects libass v0.14.0. Note that, at the time of writing, no patch for this flaw is available.

Fortinet, a developer of cybersecurity products and services, has released updates to fix two vulnerabilities in its FortiOS operating system. The first, CVE-2020-12819, can be exploited to cause a denial of service, while the second, CVE-2020-12820, allows remote code execution.

Popular industrial remote access products from two vendors, B&R Automation's SiteManager and GateManager and MB Connect Line's mbCONNECT24, contain dangerous security flaws that could be exploited to cut off access to industrial production floors, break into company networks, tamper with data, or steal sensitive business secrets.

Two high-severity flaws (CVE-2020-17413 and CVE-2020-17412) have been discovered in the Foxit 3D Plugin Beta that could allow a remote attacker to execute arbitrary code and compromise a vulnerable system. A third vulnerability, rated medium risk (CVE-2020-17411), could be used to gain access to sensitive information.

Foxit Reader and PhantomPDF are also affected by multiple issues, the most severe of which could allow a remote attacker to compromise an affected system.

Finally, several WordPress themes contain a vulnerability that allows a remote attacker to gain unauthorized access to otherwise restricted functionality. The affected software includes the Transcend, Regina Lite, MedZone Lite, and Brilliance themes for WordPress.