March 27, 2023

Fortinet has patched two critical bugs in its FortiNAC and FortiWeb products that if exploited could allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

The FortiNAC bug tracked as CVE-2022-39952 was rated at 9.8 and affected versions 9.4.0; 9.2.0 through 9.2.5; 9.1.0 through 9.1.7; 8.8.0 through 8.8.11; 8.7.0 through 8.7.6; 8.6.0 through 8.6.5; 8.5.0 through 8.5.4; and 8.3.7.

Advertisements

The FortiWeb bug tracked as CVE-2021-42756  was reported as a multiple stack-based buffer overflow vulnerability in the proxy daemon of FortiWeb 5.x all versions; 6.0.7 and below; 6.1.2 and below; 6.2.6 and below; 6.3.16 and below; and 6.4.

Its recommended for the users to do the upgrades as specified in its advisories for the FortiNAC and FortiWeb products.

None of the two vulnerabilities are not exploited in wild by threat actors.

Tags:

Leave a Reply

You may have missed

Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
CatB Ransomware Dissection

CatB Ransomware Dissection

March 26, 2023
Microsoft Patches Acropalypse Vulnerability

Microsoft Patches Acropalypse Vulnerability

March 26, 2023
TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
%d bloggers like this: