Rodney Beede

**Name of the Vulnerable Software and Affected Versions** Linksys WiFi extender products (RE6400 and RE6300) versions 1.2.04.022 and earlier **Description** The issue concerns unsanitized user input in the web interface, allowing for remote command execution. This enables an attacker to access system OS configurations and commands not intended for use beyond the web UI. **Recommendations** For Linksys WiFi extender products (RE6400 and RE6300) versions 1.2.04.022 and earlier, consider disabling remote access to the web interface until a fix is available. Restrict access to system OS configurations and commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered, allowing attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request. **Recommendations** For versions 6.5.0 through 6.5.68, consider disabling the use of Flash to mitigate the risk of exploitation until a patch is available. Restrict access to API endpoints to minimize the risk of CSRF attacks.

**Name of the Vulnerable Software and Affected Versions** McAfee Managed Agent (MA) versions prior to 4.5.0.1927 McAfee Managed Agent (MA) version 4.6 before 4.6.0.3258 **Description** The issue allows remote attackers to cause a denial of service, resulting in a service crash, via a malformed HTTP request. **Recommendations** For versions prior to 4.5.0.1927, update to version 4.5.0.1927 or later. For version 4.6 before 4.6.0.3258, update to version 4.6.0.3258 or later.