FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)

Fortinet has addressed an out-of-bounds write vulnerability impacting FortiOS. Tracked as CVE-2024-21762, the vulnerability has a critical severity rating with a CVSS score 9.6. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. Fortinet quoted in the advisory that vulnerability is potentially exploited … Continue reading “FortiOS Out-of-Bound Write Vulnerability Under Active Exploitation (CVE-2024-21762)”

Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)

Fortinet addressed an arbitrary code execution vulnerability in FortiNAC. CVE-2023-33299 has been rated as critical with a CVSS base score of 9.6. Florian Hauser from CODE WHITE has discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute unauthorized code on the target system. FortiNAC is … Continue reading “Fortinet Patches Critical Arbitrary Code Execution Vulnerability in FortiNAC (CVE-2023-33299)”

Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)

Fortinet has addressed a heap-based buffer overflow vulnerability in its network operating system, FortiOS. CVE-2023-27997 has been given a critical severity with a CVSS score of 9.2. Charles Fol and Dany Bach from LEXFO have discovered and reported the vulnerability to Fortinet. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code … Continue reading “Fortinet FortiOS Critical Heap-Based Buffer Overflow Vulnerability (CVE-2023-27997)”

Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products

Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”

Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)

Fortinet has recently issued advisories and warnings regarding several vulnerabilities in its products, including FortiOS, FortiProxy, and FortiSwitchManager. One of the most critical vulnerabilities is a path traversal vulnerability in FortiOS (CVE-2022-41328). A privileged attacker may read and write arbitrary files via crafted CLI commands. Threat groups have been using zero-day exploits to abuse the … Continue reading “Fortinet FortiOS Path Traversal Vulnerability (CVE-2022-41328)”

FortiOS and FortiProxy Heap Buffer Underflow Vulnerability (CVE-2023-25610)

Fortinet has released a security update to fix a heap buffer underflow vulnerability in its products such as FortiOS and FortiProxy. CVE-2023-25610 has been rated as critical with a CVSSv3 score of 9.3. On successful exploitation, the vulnerability can allow an unauthenticated, remote attacker to execute arbitrary code on the target system and/or perform a DoS … Continue reading “FortiOS and FortiProxy Heap Buffer Underflow Vulnerability (CVE-2023-25610)”

Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has released patches for an actively exploited pre-authentication remote code execution vulnerability in FortiOS SSL-VPN. Tracked as CVE-2022-42475, it is a critical vulnerability with a CVSSv3 score of 9.8. On successful exploitation, this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code on the target system.    The advisory states, “Fortinet is … Continue reading “Fortinet Patches an Actively Exploited Pre-authentication Remote Code Execution Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)”

FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)

Fortinet has patched a critical authentication bypass vulnerability in FortiOS, FortiProxy, and FortiSwitchManager products. Tracked as CVE-2022-40684, this is an authentication bypass vulnerability that could allow an attacker to perform unauthorized operations on vulnerable devices. CISA has added this vulnerability to its Known Exploitable Vulnerabilities Catalog. Fortinet addressed the vulnerability by tweeting, “Due to the ability … Continue reading “FortiOS, FortyProxy, and FortiSwitch Manager Authentication Bypass Vulnerability on Administrative Interface (CVE-2022-40684)”