#fortios — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fortios, aggregated by home.social.
-
Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤
#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858
-
Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤
#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858
-
Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤
#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858
-
Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤
#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858
-
Si vous administrez des FortiGate/FortiOS : des admins signalent un contournement du patch de la vulnérabilité critique CVE-2025-59718 (FortiCloud SSO https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ) → compromission possible même sur des firewalls « patchés » (ex. 7.4.9/7.4.10).
( https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ )
Préreq : “Allow administrative login using FortiCloud SSO” activé (souvent après enregistrement FortiCare).
Mitigation : désactiver admin-forticloud-sso-login + restreindre l’accès admin + vérifier logs/nouveaux comptes.
Chaîne d'exploitation: CVE-2025-59718 (+ CVE-2025-59719 côté FortiWeb) ➡️ envoi de messages SAML forgés ➡️ bypass de vérification de signature ➡️ accès admin non autorisé.
[Références]
"Fortinet admins report patched FortiGate firewalls getting hacked"
👇
https://www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/ -
A coordinated brute-force campaign has targeted Fortinet SSL VPNs, over 780 unique IPs launched credential attacks on August 3, followed by a change of target from FortiOS to FortiManager.
Read: https://hackread.com/brute-force-campaign-fortinet-ssl-vpn-coordinated-attack/
#Cybersecurity #Fortinet #BruteForce #CyberAttack #FortiOS #FortiManager
-
#BSI WID-SEC-2025-1026: [NEU] [hoch] #Fortinet #FortiOS, #FortiProxy #und #FortiSwitch: Schwachstelle ermöglicht Privilegieneskalation
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1026
-
#BSI WID-SEC-2025-1026: [NEU] [hoch] #Fortinet #FortiOS, #FortiProxy #und #FortiSwitch: Schwachstelle ermöglicht Privilegieneskalation
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1026
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit – Source: www.securityweek.com https://ciso2ciso.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #vulnerabilities #securityweekcom #CVE-2022-42475 #CVE-2023-27997 #CVE-2024-21762 #securityweek #ThreatMon #FEATURED #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit – Source: www.securityweek.com https://ciso2ciso.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #vulnerabilities #securityweekcom #CVE-2022-42475 #CVE-2023-27997 #CVE-2024-21762 #securityweek #ThreatMon #FEATURED #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit – Source: www.securityweek.com https://ciso2ciso.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #vulnerabilities #securityweekcom #CVE-2022-42475 #CVE-2023-27997 #CVE-2024-21762 #securityweek #ThreatMon #FEATURED #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit – Source: www.securityweek.com https://ciso2ciso.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #vulnerabilities #securityweekcom #CVE-2022-42475 #CVE-2023-27997 #CVE-2024-21762 #securityweek #ThreatMon #FEATURED #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit https://www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/ #Malware&Threats #Vulnerabilities #CVE202242475 #CVE202327997 #CVE202421762 #ThreatMon #Fortinet #FortiOS
-
Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns – Source: securityaffairs.com https://ciso2ciso.com/symbolic-link-trick-lets-attackers-bypass-fortigate-patches-fortinet-warns-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Fortinet #FortiOS #hacking
-
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices https://www.helpnetsecurity.com/2025/04/11/fortios-fortigate-vulnerabilities-symlink-trick-limited-access/ #vulnerability #Don'tmiss #Hotstuff #Fortinet #FortiOS #News #BSI
-
CISA added two Known Exploited Vulnerabilities (KEV) to its catalog that pose a risk to federal enterprise. The flaws were in Fortinet's FortiOS and FortiProxy.
Read TechNadu's report: https://www.technadu.com/cisa-warns-of-github-action-and-fortinet-authentication-bypass-flaws-ongoing-exploitation/581039/
-
CISA added two Known Exploited Vulnerabilities (KEV) to its catalog that pose a risk to federal enterprise. The flaws were in Fortinet's FortiOS and FortiProxy.
Read TechNadu's report: https://www.technadu.com/cisa-warns-of-github-action-and-fortinet-authentication-bypass-flaws-ongoing-exploitation/581039/
-
FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! – Source:hackread.com https://ciso2ciso.com/fortios-vulnerability-allows-super-admin-privilege-escalation-patch-now-sourcehackread-com/ #1CyberSecurityNewsPost #CyberSecurityNews #cybersecurity #Vulnerability #Hackread #security #FortiOS
-
FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! https://hackread.com/fortios-vulnerability-super-admin-privilege-escalation/ #Cybersecurity #Vulnerability #Security #FortiOS
-
🚨 A critical #FortiOS vulnerability (CVE-2024-40591) allows privilege escalation to super-admin level! Affected versions: 7.6.0, 7.4.x, 7.2.x, 7.0.x, and all 6.4. Update ASAP!
Read: https://hackread.com/fortios-vulnerability-super-admin-privilege-escalation/
-
В тренде VM: под угрозой продукты Microsoft и Fortinet, а также архиватор 7-Zip
Хабр, привет! И вновь на связи я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center и дежурный по самым опасным уязвимостям месяца. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии сведений трендовые уязвимости. Это те уязвимости, которые либо уже эксплуатируются вживую, либо будут эксплуатироваться в ближайшее время. В новый дайджест мы отнесли к трендовым восемь уязвимостей.
https://habr.com/ru/companies/pt/articles/881550/
#трендовые_уязвимости #microsoft #ole #rce #websocket #nodejs #fortios #7zip #maxpatrol_vm #управление_уязвимостями
-
В тренде VM: под угрозой продукты Microsoft и Fortinet, а также архиватор 7-Zip
Хабр, привет! И вновь на связи я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center и дежурный по самым опасным уязвимостям месяца. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии сведений трендовые уязвимости. Это те уязвимости, которые либо уже эксплуатируются вживую, либо будут эксплуатироваться в ближайшее время. В новый дайджест мы отнесли к трендовым восемь уязвимостей.
https://habr.com/ru/companies/pt/articles/881550/
#трендовые_уязвимости #microsoft #ole #rce #websocket #nodejs #fortios #7zip #maxpatrol_vm #управление_уязвимостями
-
В тренде VM: под угрозой продукты Microsoft и Fortinet, а также архиватор 7-Zip
Хабр, привет! И вновь на связи я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center и дежурный по самым опасным уязвимостям месяца. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии сведений трендовые уязвимости. Это те уязвимости, которые либо уже эксплуатируются вживую, либо будут эксплуатироваться в ближайшее время. В новый дайджест мы отнесли к трендовым восемь уязвимостей.
https://habr.com/ru/companies/pt/articles/881550/
#трендовые_уязвимости #microsoft #ole #rce #websocket #nodejs #fortios #7zip #maxpatrol_vm #управление_уязвимостями
-
#BSI WID-SEC-2025-0321: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Schwachstelle ermöglicht Codeausführung
Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0321
-
#BSI WID-SEC-2025-0321: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Schwachstelle ermöglicht Codeausführung
Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0321
-
#fortiguard #psirt #fortios #security https://fortiguard.fortinet.com/psirt/FG-IR-24-535 lol :clippy: :cate: :KEKW:
-
#fortiguard #psirt #fortios #security https://fortiguard.fortinet.com/psirt/FG-IR-24-535 lol :clippy: :cate: :KEKW:
-
#fortiguard #psirt #fortios #security https://fortiguard.fortinet.com/psirt/FG-IR-24-535 lol :clippy: :cate: :KEKW:
-
"Explotación masiva" de los firewalls de Fortinet con ataques de día cero 0-day https://blog.elhacker.net/2025/01/explotacion-masiva-firewalls-fortinet-ataques-0-day.html #vulnerabilidad #firewall #fortinet #fortios #0-day #cve
-
#Fortinet have dropped 29 security updates today, 14 of which are rated "high" or "critical". Have fun everyone. (Fortunately, only one 'low' affects our stuff but FFS, come on)
-
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) https://www.helpnetsecurity.com/2024/10/15/cve-2024-23113/ #vulnerability #Shadowserver #enterprise #Don'tmiss #WatchTowr #Hotstuff #Fortinet #FortiOS #News #CVE
-
Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP https://thecyberexpress.com/weekly-vulnerability-report-security-flaws/ #criticalvulnerabilities #ThreatIntelligenceNews #TheCyberExpressNews #CybersecurityNews #VulnerabilityNews #PHPvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #FortiOS #GitHub
-
Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP https://thecyberexpress.com/weekly-vulnerability-report-security-flaws/ #criticalvulnerabilities #ThreatIntelligenceNews #TheCyberExpressNews #CybersecurityNews #VulnerabilityNews #PHPvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #FortiOS #GitHub
-
Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP https://thecyberexpress.com/weekly-vulnerability-report-security-flaws/ #criticalvulnerabilities #ThreatIntelligenceNews #TheCyberExpressNews #CybersecurityNews #VulnerabilityNews #PHPvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #FortiOS #GitHub
-
Weekly Vulnerability Report: Critical Security Flaws Identified by Cyble in GitHub, FortiOS, and PHP https://thecyberexpress.com/weekly-vulnerability-report-security-flaws/ #criticalvulnerabilities #ThreatIntelligenceNews #TheCyberExpressNews #CybersecurityNews #VulnerabilityNews #PHPvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #FortiOS #GitHub
-
Fortinet fixed a critical remote code execution bug in FortiClientLinux – Source: securityaffairs.com https://ciso2ciso.com/fortinet-fixed-a-critical-remote-code-execution-bug-in-forticlientlinux-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Fortinet #Security #FortiOS #hacking
-
Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:
- FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
- FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
- FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
- FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
- FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
- FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
- FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
- FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
- FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
- FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
- FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
- FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
- FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)
#PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy
-
Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:
- FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
- FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
- FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
- FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
- FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
- FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
- FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
- FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
- FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
- FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
- FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
- FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
- FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)
#PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy
-
Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:
- FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
- FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
- FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
- FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
- FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
- FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
- FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
- FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
- FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
- FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
- FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
- FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
- FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)
#PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy
-
Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:
- FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
- FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
- FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
- FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
- FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
- FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
- FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
- FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
- FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
- FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
- FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
- FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
- FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)
#PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy
-
Happy Patch Tuesday from your friends at Fortinet. 13 security advisories, 15 vulnerabilities. No mention of exploitation in the wild:
- FG-IR-23-087 CVE-2023-45590 (9.6 critical) [FortiClient Linux] Remote Code Execution due to dangerous nodejs configuration
- FG-IR-23-345 CVE-2023-45588 and CVE-2024-31492 (8.2 high) FortiClientMac - Lack of configuration file validation
- FG-IR-23-419 CVE-2023-47542 (6.7 medium) FortiManager - Code Injection via Jinja Template
- FG-IR-23-288 CVE-2023-48785 (4.8 medium) FortiNAC-F - Lack of certificate validation
- FG-IR-23-413 CVE-2023-48784 (6.7 medium) FortiOS - Format String in CLI command
- FG-IR-23-224 CVE-2024-23662 (5.3 medium ) FortiOS - Web server ETag exposure
- FG-IR-23-493 CVE-2023-41677 (7.5 high) FortiOS & FortiProxy - administrator cookie leakage
- FG-IR-23-454 CVE-2024-23671 (8.1 high) FortiSandbox - Arbitrary file delete on endpoint
- FG-IR-24-060 CVE-2024-31487 (5.9 medium) FortiSandbox - Arbitrary file read on endpoint
- FG-IR-23-416 CVE-2023-47541 (6.7 medium) FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
- FG-IR-23-411 CVE-2023-47540 (6.7 medium) FortiSandbox - Command injection impacting CLI command
- FG-IR-23-489 CVE-2024-21755 and CVE-2024-21756 (8.8 high) FortiSandbox - OS command injection on endpoint
- FG-IR-24-009 CVE-2024-26014 (5.3 medium) SMTP Smuggling (analyst note: third party vulnerability)
#PatchTuesday #Fortinet #FortiManager #vulnerability #FortiSandbox #FortiOS #FortiProxy