Shadow Brokers

**Name of the Vulnerable Software and Affected Versions** Oracle Sun Systems Products Suite versions 10 **Description** The issue is related to inadequate access control in the Common Desktop Environment (CDE) component of the Solaris operating system. This allows a low-privileged attacker with local access to the infrastructure where Solaris is executed to compromise Solaris, potentially leading to a takeover. The vulnerability is considered easily exploitable. **Recommendations** For version 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FortiOS versions 4.0.0 through 4.1.10 FortiOS versions 4.2.0 through 4.2.12 FortiOS versions 4.3.0 through 4.3.8 FortiSwitch versions prior to 3.4.3 **Description** The issue is caused by a buffer overflow in the Cookie parser of FortiOS and FortiSwitch firmware. This can be exploited by a remote attacker using a specially crafted HTTP request, potentially allowing the execution of arbitrary code. **Recommendations** For FortiOS versions 4.0.0 through 4.1.10, update to version 4.1.11 or later. For FortiOS versions 4.2.0 through 4.2.12, update to version 4.2.13 or later. For FortiOS versions 4.3.0 through 4.3.8, update to version 4.3.9 or later. For FortiSwitch versions prior to 3.4.3, update to version 3.4.3 or later. As a temporary workaround, consider restricting access to the HTTP endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WatchGuard RapidStream appliances (affected versions not specified) **Description** The issue allows local users to gain privileges and execute arbitrary commands by using a crafted ifconfig command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Adaptive Security Appliance (ASA) Software versions prior to 8.4(1) **Description** The issue is caused by a buffer overflow in the Cisco Adaptive Security Appliance software. It allows an authenticated, local attacker to potentially execute arbitrary code or create a denial of service condition by invoking certain invalid commands in the command-line interface (CLI) parser. **Recommendations** For versions prior to 8.4(1), update to version 8.4(1) or later to resolve the issue. As a temporary workaround, consider restricting access to the CLI interface to minimize the risk of exploitation. Avoid using invalid commands in the CLI to prevent potential arbitrary code execution or denial of service conditions.