The bugs lie within a configuration tool known as the Traffic Management User Interface. Successful exploitation allows an attacker to create or delete files, disable services, intercept information, run arbitrary system commands and Java code, completely compromise the system, and pursue further targets, such as the internal network.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Microsoft has discovered flaws in the Windows Codecs Library, which offers an easy attack vector for socially engineering victims into running malicious media files downloaded from the Internet. The Codecs Library is a collection of support libraries that help the Windows operating system play, compress and decompress various audio and video file formats.
Sophos discovered a vulnerability in XG Firewall v17.x that concerns access to physical and virtual units configured with the user portal exposed on the WAN. It was a previously unknown buffer overflow vulnerability in the user portal HTTP/S bookmark feature.
Apache released a security advisory to address a vulnerability in Apache Tomcat that an attacker could exploit to cause a denial-of-service condition.