Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification
junho 26, 2023
Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The CVSS […]
Fortinet FortiOS and FortiProxy Remote Code Execution Vulnerability Notice (CVE-2023-25610)
março 12, 2023
Overview Recently, NSFOCUS CERT found that Fortinet officially issued a security notice to fix a Fortinet FortiOS and FortiProxy remote code execution vulnerability (CVE-2023-25610). Due to the heap buffer underflow flaw in the management interface of FortiOS and FortiProxy, an unauthenticated remote attacker can execute arbitrary code on the target device or perform a DoS […]
Fortinet Multiple Product Security Vulnerability Alerts
fevereiro 22, 2023
Overview Recently, NSFOCUS CERT found that Fortinet officially released a security notice, which fixed multiple Fortinet product vulnerabilities. The key vulnerabilities are as follows: FortiNAC keyUpload remote code execution vulnerability (CVE-2022-39952): Due to a flaw in the keyUpload script of FortNAC, an unauthenticated attacker can execute arbitrary code on the target system by sending a […]
Fortinet FortiOS sslvpnd Remote Code Execution Vulnerability (CVE-2022-42475)
dezembro 14, 2022
Overview Recently, NSFOCUS CERT detected that Fortinet officially fixed a remote code execution vulnerability (CVE-2022-42475) in FortiOS sslvpnd. Due to the flaw in sslvpnd’s validation of user input, an unauthenticated attacker can trigger a buffer overflow by sending a specially crafted packet, which can eventually execute arbitrary code on the target system. The CVSS score […]
