Fortinet addressed an arbitrary code execution vulnerability in FortiNAC. CVE-2023-33299 has been rated as critical with a CVSS base score of 9.6. Florian Hauser from CODE WHITE has discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute unauthorized code on the target system. FortiNAC is … Continue reading “Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)”
Tag: Arbitrary Code Execution Vulnerability
Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)
Fortinet has addressed a heap-based buffer overflow vulnerability in its network operating system, FortiOS. CVE-2023-27997 has been given a critical severity with a CVSS score of 9.2. Charles Fol and Dany Bach from LEXFO have discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code … Continue reading “Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)”
Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches
Cisco has released a patch to address nine vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. On successful exploitation, the vulnerabilities could enable an attacker to cause a denial of service (DoS) condition or perform arbitrary code execution on an affected device. Vulnerabilities CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, and CVE-2023-20189 are rated … Continue reading “Cisco Patches Multiple Buffer Overflow Vulnerabilities in its Small Business Series Switches”
Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)
A critical severity arbitrary code execution vulnerability, found in the Apache Commons Text library, has been discovered and reported by Alvaro Munoz. Tracked as CVE-2022-42889, this vulnerability has been assigned a CVSS base score of 9.8 and could result in remote code execution applied to untrusted input due to insecure interpolation defaults. Apache Commons … Continue reading “Apache Commons Arbitrary Code Execution Vulnerability (Text4Shell) (CVE-2022-42889)”
Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)
Cisco has released patches for multiple vulnerabilities in Cisco Nexus Dashboard (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861). The vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. These vulnerabilities were discovered during internal security testing by Michael J Davenport of the … Continue reading “Cisco Nexus Dashboard Unauthorized Access Vulnerabilities (CVE-2022-20857, CVE-2022-20858, and CVE-2022-20861)”
Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)
On Monday, Apple released an iPhone security update to fix a major vulnerability that is being exploited in the wild. With the latest patch, the corporation has now resolved a total of 17 zero-days in 2021 – a new high. The vulnerability CVE-2021-30883 involves a memory corruption flaw in the IOMobileFrameBuffer component. This flaw allows an application to run arbitrary … Continue reading “Apple releases emergency update to address the arbitrary code execution zero-day vulnerability (CVE-2021-30883)”
Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)
Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow authenticated remote attacker to execute arbitrary code. By performing certain SMB operations with a specially crafted server name, an authenticated attacker may be able to execute arbitrary code with root privileges on a vulnerable PCS server. PCS allows to … Continue reading “Pulse Connect Secure Authenticated Arbitrary Code Execution Vulnerability (CVE-2021-22908)”
