Security News > 2024 > October > Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion

Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion
2024-10-20 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the wild. Attackers deploying red teaming tool for EDR evasion Threat actors … More → The post Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/10/20/week-in-review-87k-fortinet-devices-still-open-to-attack-red-teaming-tool-used-for-edr-evasion/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-02-15 CVE-2024-23113 Use of Externally-Controlled Format String vulnerability in Fortinet products
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-134
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 169 57 403 183 81 724