Fortinet warns of new critical unauthenticated RCE vulnerability
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service on the GUI of vulnerable devices using specially crafted requests.
The affected FortiOS versions listed are:
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
- FortiOS version 6.4.0 through 6.4.11
- FortiOS version 6.2.0 through 6.2.12
On February 16, Fortinet fixed two critical remote code execution flaws impacting FortiNAC and FortiWeb products, urging users to apply the security updates immediately.
Related news
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- Critical Fortinet flaw may impact 150,000 exposed devices (source)
- Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- More than 133,000 Fortinet appliances still vulnerable to month-old critical bug (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)