Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for arbitrary code execution.

Details of these vulnerabilities are as follows:

Technique: Exploit Public Facing Application (T1190):

- CVE-2022-40676 - FortiNAC - Multiple Reflected XSS: An improper neutralization of input during web page generation in FortiNAC may allow an authenticated user to perform an XSS attack via crafted HTTP requests.
- CVE-2022-39953 - FortiNAC - Multiple privilege escalation via sudo command: An improper privilege management vulnerability in FortiNAC may allow a low privilege local user with shell access to execute arbitrary commands as root.
- CVE-2022-39951 - FortiWeb - command injection in webserver: An improper neutralization of special elements used in an OS command vulnerability in FortiWeb may allow authenticated users to execute unauthorized code or commands via specifically crafted HTTP requests.
- CVE-2023-25610 - FortiOS / FortiProxy - Heap buffer underflow in administrative interface: administrative interface may allow a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI.