Fortinet has addressed a heap-based buffer overflow vulnerability in its network operating system, FortiOS. CVE-2023-27997 has been given a critical severity with a CVSS score of 9.2. Charles Fol and Dany Bach from LEXFO have discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code … Continue reading “Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)”
Tag: FortiGate
Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)
Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the … Continue reading “Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)”
Fortinet FortiOS SSL VPN Multiple Cross-Site Scripting Vulnerabilities (CVE-2018-13379,CVE-2018-13380,CVE-2018-13381,CVE-2018-13382,CVE-2018-13383)
Summary: Amidst the global lock-down environment, hackers have come forward to use SSL VPN vulnerabilities and gets lucrative. Hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies., throughout the previous year (which already Qualys have protection covered) and again this time they have come up with FortiOS … Continue reading “Fortinet FortiOS SSL VPN Multiple Cross-Site Scripting Vulnerabilities (CVE-2018-13379,CVE-2018-13380,CVE-2018-13381,CVE-2018-13382,CVE-2018-13383)”
FortiGate Shadow Brokers Exploit – CVE-2016-6909
Abstract: You may have heard that recently a group known as “Shadow Brokers” released what are said to be a bunch of exploits and tools written and used by the NSA. The dump contains a set of exploits, implants and tools for hacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak … Continue reading “FortiGate Shadow Brokers Exploit – CVE-2016-6909”