Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification

June 26, 2023

Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The CVSS […]

An Insight into RSA 2023: Capabilities Utilization for Container Escape

June 23, 2023

At the RSA Conference this year, researchers from Cyberason shared the topic of Container Escape: All You Need Is Cap (Capabilities), detailing three methods of using Cap permissions for container escape, hoping to make users pay attention to the permission allocation of Capabilities when using containers and maintain best practices. This article will provide a […]

An Insight into RSAC 2023: Build Cloud-Native Security Base Based on Zero Trust

June 21, 2023

At the 2023 RSA conference, Tracy Walker, Senior Security Engineer from SUSE NeuVector, shared with us a transparent (business- and environment-neutral) approach to blocking 0-Day attacks in K8S environments – Zero Trust Principle and demonstrated it using an open source tool, NeuVector. Based on Tracy’s zero-trust viewpoint and the SUSE solution, NSFOCUS security researcher explores […]

VMware Aria Operations for Networks Remote Code Execution Vulnerability (CVS 2023-20887) Notification

June 20, 2023

Overview Recently, NSFOCUS CERT detected a remote code execution vulnerability in VMware Aria Operations for Networks. Due to a specific flaw in the createSupportBundle method, the string entered by the user is not properly validated when executing system calls. Unauthenticated remote attackers can exploit this vulnerability through command injection, ultimately enabling the execution of arbitrary […]

Digital Transformation – New Era for Macau 2023

June 19, 2023

V-Transform Expo, June 16, 2023, Macau Tower Convention and Entertainment center, Macau NSFOCUS, a leading provider of network security solutions and services, exhibited at V-Transform Expo 2023 in Macau as Silver Sponsor, organized by Vastcom Technology Limited. Our team joined a day of insightful sessions on cybersecurity, artificial intelligence, digital transformation, machine learning, cloud computing…etc. NSFOCUS is your ideal partner […]

An Insight into RSAC 2023: Convergence of Threat Intelligence and AI

Uma imagem que ilustra um cérebro em desenho artificial.

June 19, 2023

I. Overview In cybersecurity, big data is transforming threat intelligence and artificial intelligence, providing security teams with the flexibility to respond to changing environments. At the 2023 RSAC, Microsoft Vice President John Lambert discussed the convergence of intelligence and AI at the intersection of data and threats. The topic focused on how defenders can leverage […]

Openfire Console Identity Authentication Bypass Vulnerability (CVS 2023-32315) Notification

June 16, 2023

Overview Recently, NSFOCUS CERT detected an identity authentication bypass vulnerability in the Openfire console (CVE-2023-32315). The Admin Console of Openfire is a web-based application that has been found to be vulnerable to path traversal attacks by setting up the environment. Unauthenticated attackers use the unauthenticated Openfire setting environment in a configured Openfire environment to access […]

An Insight into RSAC 2023: Web Application and API Security Trend

Uma imagem que possui API escrito no fundo.

June 15, 2023

At this year’s RSA conference, Akamai Senior Vice President Rupesh Chokshi shared a topic entitled Spotlight on latest web application and API attack data, highlighting the latest web application vulnerabilities and API attack trends. This article will explore this topic, starting from the data trends of application vulnerabilities and API attacks in recent years, describing […]

Fortinet FortiOS SSL VPN Remote Code Execution Vulnerability (CVS 2023-27997)

June 14, 2023

Overview Recently, NSFOCUS CERT found that Fortinet has officially fixed a remote code execution vulnerability in FortiOS SSL VPN (CVS-2023-27997). Due to the heap-based Buffer overflow error in SSL VPN, an unauthenticated attacker can trigger the vulnerability by sending a specially crafted packet, which can ultimately enable the execution of arbitrary code on the target […]

Illegal Upload Protection

June 13, 2023

When a client uploads a file to a server, NSFOCUS WAF performs protection based on the file type. If the file type matches an illegal upload restriction policy, NSFOCUS WAF allows or blocks the upload based on the corresponding action specified in the policy, and logs the event. On the Illegal Upload Restriction page, customers […]


Subscribe to the NSFOCUS Blog