| CVE-2024-21762 Fortinet |
FortiOS RCE (Remote Code Execution) Vulnerability in SSL-VPN |
ZAnGeSa has become aware of a security vulnerability in FortiOS-based SSL-VPN devices; this vulnerability allows unauthenticated remote code execution (RCE) (Disclosure: CVE-2024-21762). cool-IT does not use this technology on the FortiOS devices it operates. |
|
| CVE-2022-30190 MSDT on Windows |
Remote Code Execution Vulnerability |
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 for a vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows. MSDT is a tool on Windows 10/8/7. When exploited, the vulnerability allows malicious code execution on a client computer. |
Guidance issued by Microsoft advises blocking the invocation of MSDT through links. |
| log4j |
0-day Vulnerability |
The now widely known 0-day vulnerability in the Apache log4j library, which poses a significant risk worldwide due to the library’s widespread use in Java applications, is harmless to the software supplied by ZAnGeSa because we do not use any Apache components in our software. Infrastructure components were checked for compatibility with the library and are running with the latest security patches. |
CERT.AT: https://cert.at/de/warnungen/2021/12/kritische-0-day-sicherheitslucke-in-apache-log4j-bibliothek |
| Spring4Shell |
Remote Code Execution Vulnerability |
Spring delivers an emergency update for the known vulnerability, which can presumably be exploited simply via an HTTP request (web shell and code execution possible). Spring is a Java framework that is not used in ZAnGeSa Software. Our infrastructure components are continuously reviewed and updated. |
CERT.AT: https://www.bleepingcomputer.com/news/security/spring-patches-leaked-spring4shell-zero-day-rce-vulnerability/ |
| CrowdStrike |
Blue Screens of Death (BSOD) |
CrowdStrike sells security products and services. Windows systems that have a CrowdStrike product and a specific update installed may be crippled by a “Blue Screen of Death” (BSOD). CrowdStrike emphasizes that this is not a cybersecurity incident and not the result of malicious activity. An update for CrowdStrike products has been released and can be applied if an affected device is first started in safe mode and the faulty update is removed. Cool-IT does not use CrowdStrike products and is therefore not affected. |
|