Security News > 2023 > March > Fortinet warns of new critical unauthenticated RCE vulnerability
2023-03-08 19:25
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service on the GUI of vulnerable devices using specially crafted requests.
FortiOS version 7.2.0 through 7.2.3.
FortiOS version 7.0.0 through 7.0.9.
FortiOS version 6.4.0 through 6.4.11.
FortiOS version 6.2.0 through 6.2.12.
On February 16, Fortinet fixed two critical remote code execution flaws impacting FortiNAC and FortiWeb products, calling users to apply the security updates immediately.
News URL
Related news
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)