Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)

Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the … Continue reading “Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)”

Fortinet FortiOS SSL VPN Multiple Cross-Site Scripting Vulnerabilities (CVE-2018-13379,CVE-2018-13380,CVE-2018-13381,CVE-2018-13382,CVE-2018-13383)

Summary: Amidst the global lock-down environment, hackers have come forward to use SSL VPN vulnerabilities and gets lucrative. Hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies., throughout the previous year (which already Qualys have protection covered) and again this time they have come up with FortiOS … Continue reading “Fortinet FortiOS SSL VPN Multiple Cross-Site Scripting Vulnerabilities (CVE-2018-13379,CVE-2018-13380,CVE-2018-13381,CVE-2018-13382,CVE-2018-13383)”

FortiGate Shadow Brokers Exploit – CVE-2016-6909

Abstract: You may have heard that recently a group known as “Shadow Brokers” released what are said to be a bunch of exploits and tools written and used by the NSA. The dump contains a set of exploits, implants and tools for hacking firewalls (“Firewall Operations”). One of the tools from the Shadow Brokers leak … Continue reading “FortiGate Shadow Brokers Exploit – CVE-2016-6909”