A security flaw can allow an unauthenticated attacker to remotely conduct a cross site scripting (XSS) attack against a user of the web services interface. Enterprises should patch their Cisco ASA Software and Firepower Software as soon as possible.
The Federal Bureau of investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory warning that 3 Fortinet CVEs (CVE 2018-13379, CVE-2020-12812, and CVE-2019-5591) are being leveraged to gain a foothold in government agency and commercial networks to be exploited in the future.
F5 has released patches for several BIG-IP and BIG-IQ critical vulnerabilities. CVE-2021-22986 is the most critical since it allows unauthenticated attackers with network access to use the iControl REST interface, via the BIG-IP management interface and self IP addresses, to execute system commands that could lead to complete system compromise.