Monthly Patches are out for Fortinet, with one vulnerability currently being exploited.
Fortinet Exploit
Monthly Patches are out, with 7 bulletins, with 2 rated Critical, 3 rated High, 1 rated Moderate, and 1 rated Low. Highest CVSSv3 score of 9.6
More info.
An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy and FortiSwitchManager allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. This was being discussed online last week, is being exploited, and PoC is expected. CVSSv3 score of 9.6
More info.
Multiple improper neutralization of special elements used in an OS Command vulnerabilities in Console, Telnet, and SSH login components of FortiTester allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. CVSSv3 score of 9.6
More info.
Comments