Security News > 2023 > March > Fortinet warns of new critical unauthenticated RCE vulnerability
2023-03-08 19:25
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service on the GUI of vulnerable devices using specially crafted requests.
FortiOS version 7.2.0 through 7.2.3.
FortiOS version 7.0.0 through 7.0.9.
FortiOS version 6.4.0 through 6.4.11.
FortiOS version 6.2.0 through 6.2.12.
On February 16, Fortinet fixed two critical remote code execution flaws impacting FortiNAC and FortiWeb products, calling users to apply the security updates immediately.
News URL
Related news
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)