Fortinet News Articles
Recent news articles referencing the vendor's vulnerabilities.
Critical RCE Vulnerability in Fortinet FortiOS and FortiProxy (CVE-2023-33308) - ÇözümPark
Critical RCE Vulnerability in Fortinet FortiOS and FortiProxy (CVE-2023-33308)
2 months ago
FortiOS Vulnerability Let Attackers Execute Unauthorized Commands
Fortinet has disclosed multiple stack-based buffer overflow vulnerabilities (CVE-2024-23110) in FortiOS's command line interpreter.
3 months ago
Fortinet Patches Code Execution Vulnerability in FortiOS
On Tuesday, Fortinet released patches for multiple vulnerabilities in FortiOS and other products, including several that lead to code execution. The most severe, CVE-2024-23110 (CVSS score of 7.4), involves stack-based buffer overflow issues in the command line interpreter, potentially allowing auth...
3 months ago
Risky Biz News: The Linux CNA mess
In other news: TikTok zero-day used to hack high-profile accounts; mysterious new APT targets China; Hungary's ruling party boycotts Russian hack investigation.
3 months ago
Critical vulnerabilities in FortiSIEM devices, macOS and Glibc
The discovered vulnerabilities can have devastating consequences for data privacy and integrity, as well as for operational continuity.
4 months ago
Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access
Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.
4 months ago
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) - Help Net Security
PoC exploits for CVE-2024-23108 and CVE-2023-34992, critical vulnerabilities affecting Fortinet FortiSIEM appliances, are public.
4 months ago
PoC Exploit Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
A PoC exploit has been released for a critical vulnerability in Fortinet's FortiSIEM. The article delves into the details of the vulnerability.
4 months ago
Experts released PoC exploit code for RCE in Fortinet SIEM
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution.
4 months ago
Exploit released for maximum severity Fortinet RCE bug, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
4 months ago
New Fortinet FortiSIEM flaws evading patches for older RCE reported
Fortinet has reported that its FortiSIEM solution is impacted by two new vulnerabilities that circumvent fixes issued for a critical remote code execution flaw, tracked as CVE-2023-34992, after mistakenly disclosing the newly identified issues as duplicates of the older bug, according to BleepingCom...
4 months ago
Critical Unauthenticated RCE Vulnerability in Fortinet FortiSIEM: PoC Published
A proof-of-concept (PoC) exploit has been released for a critical unauthenticated, remote code execution vulnerability in Fortinet FortiSIEM, tracked as CVE-2023-34992.
4 months ago
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive – Horizon3.ai
CVE-2023-34992 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.
4 months ago
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
If you use Fortinet FortiClient EMS, patch NOW. Hackers are actively using a new exploit
5 months ago
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet's FortiClient EMS
Forescout discloses Connect:fun exploitation campaign targeting organizations using Fortinet's FortiClient EMS.
5 months ago
Fortinet patches FortiClientLinux critical RCE vulnerability
The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.
5 months ago
CISA Expands Known Exploited Vulnerabilities Catalog with New Entries (CVE-2023-48788, CVE-2021-44529 and CVE-2019-7256) - OP INNOVATE
CISA adds three actively exploited vulnerabilities to its catalog: CVE-2023-48788 (Fortinet), CVE-2021-44529 (Ivanti), and CVE-2019-7256 (Nice Linear), urging prompt patching to mitigate risks of SQL injection, code injection, and OS command injection attacks.
6 months ago
Fortinet FortiClient EMS SQL injection flaw exploited in the wild
A PoC exploit is available for the critical flaw, which was added to CISA’s KEV catalog Monday.
6 months ago
SQL injection vulnerability in Fortinet software under attack | Tec...
Another critical Fortinet vulnerability is under attack. But internet scans show many customers remain unpatched against the SQL injection flaw.
6 months ago
Patch Now: Critical Fortinet RCE Bug Under Active Attack
A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority.
6 months ago
Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild.
6 months ago
CVE-2024-21762 Exploit Sale Targets FortiOS SSL VPN
The CVE-2024-21762 exploit sale on the dark web targets Fortinet's FortiOS and FortiProxy systems with a potential remote code execution.
6 months ago
Exploit Released For Critical Fortinet RCE Flaw: Patch Soon!
FortiClientEMS (Enterprise Management Server), the security solution used for scalable and centralized management was discovered
6 months ago
CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability
Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software.
6 months ago
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
6 months ago
Over 133,000 Fortinet appliances are still vulnerable to a critical flaw — here’s why you need to patch now
Tens of thousands of Fortinet customers are still yet to patch vulnerable appliances
6 months ago
133,000+ Vulnerable FortiOS/FortiProxy Instances : Exploitation Started
A critical security vulnerability has been identified in Fortinet's FortiOS and FortiProxy, potentially affecting over 133,000 devices worldwide.
6 months ago
133k+ Fortinet appliances still vulnerable to CVE-2024-21762
The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to...
6 months ago
Exploitation activity increasing on Fortinet vulnerability | TechTa...
The Shadowserver Foundation observed an uptick in exploitation activity for a Fortinet vulnerability after Assetnote published a proof of concept.
6 months ago
CVE-2023-48788
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
6 months ago
Fortinet RCE Vulnerability Affects FortiClient EMS Servers – Gridinsoft Blog
SQL injection vulnerability in Fortinet FortiClientEMS, allows unauthenticated attackers to execute code from a specially crafted message.
6 months ago
Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) - Help Net Security
Horizon3 means to publish technical details and a PoC exploit for CVE-2023-48788 next week, and someone is selling one via GitHub.
6 months ago
CVE-2024-21762 Archives
Critical Alert: FortiOS Vulnerable to Remote Code Execution (CVE-2024-23113). On February 9, 2024, Fortinet disclosed a critical vulnerability in FortiOS that could leave systems wide open to remote...
6 months ago
CVE-2023-48788 Archives
Vulnerability. March 12, 2024. Fortinet Issues Urgent Security Patches for Critical Vulnerabilities. Fortinet, a leading cybersecurity firm, has released five security advisories addressing six major...
6 months ago
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet warns of a severe flaw in FortiClientEMS allowing attackers to execute code remotely. CVE-2023-48788 has a CVSS score of 9.3.
6 months ago
Fortinet warns of critical RCE bug in endpoint management software
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.
6 months ago
Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but still no evidence of widespread exploitation.
6 months ago
Vulnerability in 150K+ Fortinet Devices Let Hackers Execute Arbitrary Code Remotely
A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.
6 months ago
Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices
Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices.
6 months ago
Critical Fortinet flaw may impact 150,000 exposed devices
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.
6 months ago
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) - Help Net Security
Fortinet has patched critical RCE vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is being exploited in the wild.
7 months ago
CISA warns Fortinet zero-day vulnerability under attack | TechTarget
Fortinet issued advisories for two critical zero-day vulnerabilities, but said one is 'potentially' under attack.
7 months ago
New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog
Detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS being exploited in-the-wild. Organizations should patch urgently
7 months ago
CISA and Fortinet Warn of New Critical FortiOS Zero-Day Flaws
Network security vendor Fortinet has released security updates to address remote code execution vulnerabilities in FortiOS.
7 months ago
Fortinet Warns of Zero Day in FortiOS
Fortinet is urging customers to patch an actively exploited flaw (CVE-2024-21762) in many versions of its FortiOS software.
7 months ago
Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild
Fortinet has suggested disabling SSL VPN as a workaround to address the security vulnerability affecting SSL VPN web portals.
7 months ago
New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
7 months ago
New Fortinet RCE vulnerability potentially under exploitation
The FortiOS bug was patched a day after Volt Typhoon exploitation of past bugs was revealed.
7 months ago
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
7 months ago