An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS versions 7.2.0 up to and including 7.2.3, 7.0.0 up to and including 7.0.9, and prior to 6.4.11 allows a privileged malicious user to read and write files on the underlying Linux system via crafted CLI commands.
Vulnerable Product |
---|
fortinet fortios |
And it's already being exploited in the wild, probably
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment. The remote code execution vulnerability, tracked as CVE-2023-27997, was spotted and disclosed by Lexfo security analysts Charles Fol and Dany Bach. Fortinet has warned the bug looks to have been exploited in the wild already. The security flaw lies within the SSL-VPN, so if you have that enabled, you are potentially vulnerable to attack. "This is reachable pre-authentication, ...
The outlook is grim for Outlook - and SAP, Adobe, Android, and Chrome - so get ready for a long update party
Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix. First up: prioritize patching CVE-2023-23397, a privilege elevation bug in Microsoft Outlook that received a 9.8 out of 10 CVSS rating. While details of the hole haven't been publicly disclosed, it has already been exploited in the wild, and Microsoft lists its...
Looks to be the same baddies attacking VMware hypervisors last year
Suspected Chinese spies have exploited a critical Fortinet bug, and used custom networking malware to steal credentials and maintain network access, according to Mandiant security researchers. Fortinet fixed the path traversal vulnerability in FortiOS, tracked as CVE-2022-41328, earlier this month. So get patching, if you haven't already. A few days later, the vendor released a more detailed analysis. It indicated that miscreants were using the flaw in an attempt to attack large organizat...