A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 up to and including 7.2.2, 7.0.0 up to and including 7.0.8, 6.4.0 up to and including 6.4.10, 6.2.0 up to and including 6.2.11, 6.0.15 and previous versions and FortiProxy SSL-VPN 7.2.0 up to and including 7.2.1, 7.0.7 and previous versions may allow a remote unauthenticated malicious user to execute arbitrary code or commands via specifically crafted requests.
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
fortinet fortiproxy 7.2.0
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources PLUS: Taiwan’s new supercomputer; China-linked cybercrims strike; Australian content clampdown; and more What keeps this FBI director up at night? China’s AI work, for one
Asia In Brief India's IT minister has signaled he is willing to revisit a proposal to use government fact checkers to decide what is fake news that should be removed from social media.
In remarks made to Indian outlet The Economic Times, minister of state for electronics and IT Rajeev Chandrasekhar said the government's plan was to "crack down on enemies of India, state actors, those with vested interests, child sexual abuse, and religious incitement" – but not on general news or comment...
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus there's a PoC for this unpatched Cisco bug
Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited in the wild – and another that's publicly known.
That brings its total for December to 49 patched vulnerabilities, six of which are rated critical.
The bug that's listed as exploited-in-the-wild is tracked as CVE-2022-44698. It's a Windows SmartScreen security feature bypass vulnerability, and it received a 5.4 CVSS rating.
"An attacker can craft a malicious file that ...