Brandon Vincent

**Name of the Vulnerable Software and Affected Versions** DuraComm SPM-500 DP-10iN-100-MU DuraComm DP-10iN-100-MU **Description** The software is susceptible to a cross-site scripting attack, potentially preventing legitimate users from accessing the web interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DuraComm SPM-500 DP-10iN-100-MU (affected versions not specified) **Description** The device lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DuraComm SPM-500 DP-10iN-100-MU (affected versions not specified) **Description** The device transmits sensitive data without encryption, potentially allowing attackers to intercept it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ENS Control browser extension versions prior to 10.7.0 Update 15 **Description** A content-security-policy vulnerability allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. **Recommendations** For versions prior to 10.7.0 Update 15, update to version 10.7.0 Update 15 or later to resolve the issue. As a temporary workaround, consider restricting access to the browser extension until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PAN-OS versions prior to 8.1.19 PAN-OS versions prior to 9.0.14 PAN-OS versions prior to 9.1.10 **Description** An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. **Recommendations** For PAN-OS versions prior to 8.1.19, update to version 8.1.19 or later. For PAN-OS versions prior to 9.0.14, update to version 9.0.14 or later. For PAN-OS versions prior to 9.1.10, update to version 9.1.10 or later.