A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote malicious user to execute arbitrary code or commands via specifically crafted requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortios |
||
fortinet fortios-6k7k 7.0.5 |
||
fortinet fortios-6k7k 7.0.10 |
||
fortinet fortios-6k7k 6.4.8 |
||
fortinet fortios-6k7k 6.4.6 |
||
fortinet fortios-6k7k 6.4.2 |
||
fortinet fortios-6k7k 6.4.12 |
||
fortinet fortios-6k7k 6.4.10 |
||
fortinet fortios-6k7k 6.2.9 |
||
fortinet fortios-6k7k 6.2.7 |
||
fortinet fortios-6k7k 6.2.6 |
||
fortinet fortios-6k7k 6.2.4 |
||
fortinet fortios-6k7k |
||
fortinet fortios-6k7k 6.0.16 |
||
fortinet fortios-6k7k 6.0.15 |
||
fortinet fortios-6k7k 6.0.14 |
||
fortinet fortios-6k7k 6.0.13 |
||
fortinet fortios-6k7k 6.0.12 |
||
fortinet fortios-6k7k 6.0.10 |
Fortinet warns of critical RCE bug in endpoint management software By Sergiu Gatlan March 13, 2024 02:48 PM 0 Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices. The security flaw (C...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources And it's already being exploited in the wild, probably
Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment. The remote code execution vulnerability, tracked as CVE-2023-27997, was spotted and disclosed by Lexfo security analysts Charles Fol and Dany Bach. Fortinet has warned the bug looks to have been exploited in the wild already. The security flaw lies within the SSL-VPN, so if you have that enabled, you are potentially vulnerable to attack. "This is reachable pre-authentication, ...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources That's a vulnerability that's under attack, fix available ... cancel those July 4th plans, perhaps?
More than 338,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical bug Fortinet fixed last month that's being exploited in the wild. This is according to infosec outfit Bishop Fox, which has developed an example exploit for achieving remote code execution via the hole. Successful exploitation of the pre-authentication vulnerability can allow an intruder to take over the network equipment. Bishop Fox warned: "You should patch yours now." Fortinet did not respon...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources A huge attack surface for a vulnerability with various PoCs available
The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 – down only slightly from more than 150,000 ten days prior. Fortinet patched CVE-2024-21762 in early February, well over a month ago. It's a 9.6 severity vuln...