The flaw, tracked as CVE-2022-30525, affects ATP, VPN and USG FLEX series firewalls. The vulnerability can be exploited by a remote, unauthenticated attacker for arbitrary code execution as the “nobody” user. The affected products are recommended for businesses and they provide VPN, SSL inspection, intrusion protection, web filtering and email security capabilities. The Shodan search…

The impacted devices include the SMA 200, 210, 400, 410, and 500 edge network access control systems that have the Web Application Firewall (WAF) enabled. The most severe of these vulnerabilities is CVE-2021-20038 (CVSS score of 9.8), an unauthenticated stack-based buffer overflow that could lead to remote code execution (RCE) as the ‘nobody’ user. “The…

To accommodate remote work policies amid COVID-19, companies have increasingly adopted the public cloud to support off-site business continuity. A MarketsandMarkets analysis found that due to the impact of the current crisis, the cloud market is expected to grow from $233 billion in 2019 to $295 billion by 2021. The transition to remote work by…