SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Cisco Security Manager contains exploits that could allow attackers to execute remote code
Description: Cisco disclosed three significant vulnerabilities in its Security Manager software that the company urged users to patch immediately. An attacker could leverage these vulnerabilities to execute arbitrary code and download files on the victim's targeted device -- even without credentials. One of the bugs is considered to be critical while the others are high-severity. These vulnerabilities affect Cisco Security Manager releases 4.22 and earlier.
Snort SIDs: 56408 - 56423
Title: Vulnerabilities in Pixar OpenUSD affect some versions of macOS
Description: Pixar OpenUSD contains multiple vulnerabilities that attackers could exploit to carry out a variety of malicious actions. ixar uses this software for several types of animation tasks, including swapping arbitrary 3-D scenes that are composed of many different elements. Aimed at professional animation studios, the software is designed for scalability and speed as a pipeline connecting various aspects of the digital animation process. It is mostly expected to process trusted inputs in most use cases. By default, on macOS, both a thumbnail and a preview handler are registered for USD file formats through QuickLook. The default application to open USD files is the Preview application. On iOS, the AR application is the default handler. A USD file can be embedded in a web page or sent in a message and an AR application is opened when the file is clicked, which therefore opens some Mac operating systems to be vulnerable to these bugs.
Snort SIDs: 54415, 54416, 54467 - 54472, 54488 - 54493, 54922, 54923