Blog

Openfire Console Identity Authentication Bypass Vulnerability (CVE-2023-32315) Notification

Overview: Recently, NSFOCUS CERT detected an identity authentication bypass vulnerability in the Openfire console (CVE-2023-32315). The Openfire Admin Console is a web-based application that has been found to be vulnerable to a path traversal attack via its setup environment. Unauthenticated attackers use the unauthenticated Openfire setup environment in a...

An Insight into RSAC 2023: Web Application and API Security Trend

At this year's RSA conference, Akamai Senior Vice President Rupesh Chokshi shared a topic entitled Spotlight on latest web application and API attack data, highlighting the latest web application vulnerabilities and API attack trends. This article will explore this topic, starting from the data trends of application vulnerabilities and API...

Fortinet FortiOS SSL VPN Remote Code Execution Vulnerability (CVE-2023-27997)

Overview: Recently, NSFOCUS CERT found that Fortinet has officially fixed a remote code execution vulnerability in FortiOS SSL VPN (CVE-2023-27997). Due to a heap-based buffer overflow in SSL VPN, an unauthenticated attacker can trigger the vulnerability by sending a specially crafted packet, which can ultimately enable the execution of...

Illegal Upload Protection

When a client uploads a file to a server, NSFOCUS WAF performs protection based on the file type. If the file type matches an illegal upload restriction policy, NSFOCUS WAF allows or blocks the upload based on the corresponding action specified in the policy, and logs the event. On the...

Turkish Companies Targeted by RedBeard with Phishing Attacks

I. Summary: Recently, NSFOCUS Security Labs observed phishing attacks targeting Turkish companies, including the Turkish industrial group Borusan Holding, the communications operator Turkcell, the bank Vakıf Katılım, and the online lottery service company Nesine. The attacker used different types of phishing documents and new Trojan programs in this group of activities to...

Nacos Raft Protocol Deserialization Code Execution Vulnerability

Overview: Recently, NSFOCUS CERT found a deserialization vulnerability in Nacos's Raft protocol. Because a Nacos cluster uses Hessian for deserialization without restriction when processing some JRaft requests, attackers can execute code. Affected users should take protective measures as soon as possible. Vulnerability Details / Vulnerability PoC / Vulnerability EXP / Utilization in...