Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for … Read more

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

April 11, 2024 at 02:09AM Fortinet has released patches for the critical security flaw in FortiClientLinux (CVE-2023-45590) with a CVSS score of 9.4. The vulnerability allows arbitrary code execution through a malicious website. Versions 7.0.3 through 7.0.10 are affected, requiring an upgrade to 7.0.11 or higher. Other security issues were also addressed, urging users to … Read more

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

April 10, 2024 at 08:30AM Fortinet announced patches for critical vulnerabilities in FortiOS and other products, including a code injection bug in FortiClientLinux (CVE-2023-45590). Several high-severity vulnerabilities were also addressed in FortiOS, FortiProxy, FortiClientMac, and FortiSandbox. Users are advised to update their Fortinet appliances promptly to prevent potential cyber threats. CISA warns of the vulnerabilities’ … Read more

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware

April 5, 2024 at 06:33AM Bogus Adobe Acrobat Reader installers are distributing a new multi-functional malware called Byakugan. The attack begins with a PDF file in Portuguese prompting the victim to download the Reader application. Clicking the link leads to the installation of the malware, which leverages various techniques to deploy its payload and gather … Read more

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

March 26, 2024 at 06:42AM The US cybersecurity agency, CISA, warns about the exploitation of CVE-2023-48788, a critical SQL injection bug affecting Fortinet’s FortiClient EMS. Patches have been released, and the vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. Concerns also extend to another vulnerability, CVE-2021-44529, affecting Ivanti Endpoint Manager. … Read more

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

March 26, 2024 at 02:21AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security flaws to its Known Exploited Vulnerabilities catalog, citing active exploitation evidence. The vulnerabilities include SQL injection flaws in Fortinet FortiClient EMS, Ivanti Endpoint Manager Cloud Service Appliance, and Nice Linear eMerge E3-Series OS. Federal agencies must apply the mitigations … Read more

Exploit released for Fortinet RCE bug used in attacks, patch now

March 21, 2024 at 11:18AM Security researchers have released a PoC exploit for a critical SQL injection vulnerability in Fortinet’s FortiClient EMS. Tracked as CVE-2023-48788, it impacts versions 7.0 and 7.2, allowing unauthenticated threat actors to gain RCE with SYSTEM privileges. Attackers can modify Horizon3’s PoC to use Microsoft SQL Server xp_cmdshell for … Read more

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

March 18, 2024 at 03:08PM Despite a slight increase in patching, over 133,000 Fortinet appliances remain vulnerable to the critical security flaw CVE-2024-21762. The vulnerability allows remote code execution and is actively exploited. Another critical flaw, CVE-2023-48788, has been disclosed, adding to the patching workload. The widespread attacks make swift patching crucial. … Read more

Fortinet Warns of Yet Another Critical RCE Flaw

March 14, 2024 at 04:35PM CVE-2024-48788, a recent Fortinet flaw, is expected to be a prime target, particularly for nation-state sponsored actors, due to its similarity to other vulnerabilities. … Read more

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

March 14, 2024 at 01:21AM Fortinet warns of a critical flaw (CVE-2023-48788) in FortiClientEMS and two other bugs in FortiOS and FortiProxy, with a 9.3 CVSS score. Exploitation could result in unauthorized code execution. Upgrade affected versions as per the advisory. There is no current active exploitation, but immediate patching is crucial due to prior abuse of unpatched … Read more