Remote Code Execution Vulnerability

Fortinet FortiNAC Remote Code Execution Vulnerability (CVS 2023-33299) Notification

junho 26, 2023

Overview Recently, NSFOCUS CERT monitored that Fortinet officially fixed a Fortinet FortinaC remote code execution vulnerability (CVE-2023-33299). Unauthenticated remote attackers can exploit this vulnerability by sending a customized request to the service running on TCP port 1050, and an attacker who successfully exploits this vulnerability can execute arbitrary code on the target system. The CVSS […]

Fortinet FortiOS SSL VPN Remote Code Execution Vulnerability (CVS 2023-27997)

junho 14, 2023

Overview Recently, NSFOCUS CERT found that Fortinet has officially fixed a remote code execution vulnerability in FortiOS SSL VPN (CVS-2023-27997). Due to the heap-based Buffer overflow error in SSL VPN, an unauthenticated attacker can trigger the vulnerability by sending a specially crafted packet, which can ultimately enable the execution of arbitrary code on the target […]

Apache RocketMQ Remote Code Execution Vulnerability (CVS 2023-33246)

junho 1, 2023

Overview Recently, NSFOCUS CERT found that the PoC of Apache RocketMQ remote code execution vulnerability (CVE-2023-33246) was publicly disclosed online. Due to the lack of appropriate permission verification in some components such as NameServer, Broker, and Controller of RocketMQ, they were unintentionally exposed to the external network. In specific circumstances, attackers can execute commands or […]


Inscreva-se no Blog da NSFOCUS