home.social
Sign in Create account

#fortimanager — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #fortimanager, aggregated by home.social.

  1. Hackread.com @[email protected] ·

    A coordinated brute-force campaign has targeted Fortinet SSL VPNs, over 780 unique IPs launched credential attacks on August 3, followed by a change of target from FortiOS to FortiManager.

    Read: hackread.com/brute-force-campa

    #Cybersecurity #Fortinet #BruteForce #CyberAttack #FortiOS #FortiManager

    #cybersecurity #fortinet #bruteforce #cyberattack #fortios #fortimanager
  2. Not Simon @[email protected] ·

    Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:

    • FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
    • FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
    • FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
    • FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
    • FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
    • FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
    • FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
    • FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
    • FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
    • FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
    • FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
    • FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
    • FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)

    #PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy

    #patchtuesday #fortinet #fortimanager #vulnerability #fortisandbox #fortios