A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.11, 6.0.15 and previous versions and FortiProxy SSL-VPN 7.2.0 up to and including 7.2.1, 7.0.7 and previous versions may allow a remote unauthenticated malicious user to execute arbitrary code or commands via specifically crafted requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortios |
||
fortinet fortiproxy |
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks By Sergiu Gatlan April 11, 2025 12:08 PM 0 Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. Earlier this week, Fortinet began sending emails to customers warning that their FortiGate/FortiOS devices were compromised based on telemetry received from FortiGuard devices...
Fortinet warns of new critical FortiManager flaw used in zero-day attacks By Lawrence Abrams October 23, 2024 11:05 AM 0 Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails se...
CISA says critical Fortinet RCE flaw now exploited in attacks By Sergiu Gatlan October 9, 2024 06:07 PM 0 Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don't requir...
NoName ransomware gang deploying RansomHub malware in recent attacks By Bill Toulas September 10, 2024 06:35 AM 0 The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. The gang uses custom tools known as the Spacecolon malware family, and deploys them after gaining access to a network through brute-force methods as well as explo...
Exploit released for maximum severity Fortinet RCE bug, patch now By Sergiu Gatlan May 28, 2024 12:16 PM 0 Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a command injection vulnerability discovered and reported by Horizon3 vulnerability expert Zach Hanley that enables remote command e...
Fortinet warns of critical RCE bug in endpoint management software By Sergiu Gatlan March 13, 2024 02:48 PM 0 Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices. The security flaw (C...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Attack happened in 2023 using a bespoke backdoor, confirming year-old suspicions
Dutch authorities are lifting the curtain on an attempted cyberattack last year at its Ministry of Defense (MoD), blaming Chinese state-sponsored attackers for the espionage-focused intrusion. Specialists from the Netherlands' Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) were called in to investigate an intrusion at an MOD network last year, uncovering a previously unseen malware they're calling Coathanger. The name, authorities said,...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Dutch intelligence says at least 20,000 firewalls pwned in just a few months
The Netherlands' cybersecurity agency (NCSC) says the previously reported attack on the country's Ministry of Defense (MoD) was far more extensive than previously thought. The NCSC first published details of a Chinese state-sponsored malware campaign in February, but has continued to investigate the case along with the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD). The attackers were using stealthy malware the NCSC calls Coathanger aft...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources PLUS: Taiwan’s new supercomputer; China-linked cybercrims strike; Australian content clampdown; and more What keeps this FBI director up at night? China’s AI work, for one
Asia In Brief India's IT minister has signaled he is willing to revisit a proposal to use government fact checkers to decide what is fake news that should be removed from social media. In remarks made to Indian outlet The Economic Times, minister of state for electronics and IT Rajeev Chandrasekhar said the government's plan was to "crack down on enemies of India, state actors, those with vested interests, child sexual abuse, and religious incitement" – but not on general news or comment. Over...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus there's a PoC for this unpatched Cisco bug
Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited in the wild – and another that's publicly known. That brings its total for December to 49 patched vulnerabilities, six of which are rated critical. The bug that's listed as exploited-in-the-wild is tracked as CVE-2022-44698. It's a Windows SmartScreen security feature bypass vulnerability, and it received a 5.4 CVSS rating. "An attacker can craft a malicious file that would evade Mark o...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources And it's already being exploited in the wild, probably
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment. The remote code execution vulnerability, tracked as CVE-2023-27997, was spotted and disclosed by Lexfo security analysts Charles Fol and Dany Bach. Fortinet has warned the bug looks to have been exploited in the wild already. The security flaw lies within the SSL-VPN, so if you have that enabled, you are potentially vulnerable to attack. "This is reachable pre-authentication, ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources From targeted espionage to pre-positioning - not that they are mutually exclusive
The Chinese government's intrusions into America's telecommunications and other critical infrastructure networks this year appears to signal a shift from cyberspying as usual to prepping for destructive attacks. The FBI and other US federal agencies rang in 2024 boasting about disrupting a Chinese botnet composed of "hundreds" of outdated routers intent on breaking into US critical infrastructure facilities. Spoiler alert: the botnet is back. This same government-backed crew also compromised at ...