Security News > 2023 > March > Fortinet warns of new critical unauthenticated RCE vulnerability
2023-03-08 19:25
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service on the GUI of vulnerable devices using specially crafted requests.
FortiOS version 7.2.0 through 7.2.3.
FortiOS version 7.0.0 through 7.0.9.
FortiOS version 6.4.0 through 6.4.11.
FortiOS version 6.2.0 through 6.2.12.
On February 16, Fortinet fixed two critical remote code execution flaws impacting FortiNAC and FortiWeb products, calling users to apply the security updates immediately.
News URL
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)