Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the …

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

May 29, 2024 at 02:10PM A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant risk for potential exploitation. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthorized remote code execution on vulnerable appliances. Users of affected versions should patch immediately to mitigate the risk and prevent compromise. Based on the meeting notes, …

Exploit released for maximum severity Fortinet RCE bug, patch now

May 28, 2024 at 12:25PM Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiSIEM solution, impacting versions 6.4.0 and higher. Tracked as CVE-2024-23108, the flaw enables remote command execution as root without authentication. This PoC exploit could allow attackers to execute unauthorized commands and must be addressed promptly to …

Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies

May 20, 2024 at 11:42AM Fluent Bit, a widely used logging utility, has a critical vulnerability allowing DoS attacks, information disclosure, and potential RCE. Tenable found a memory corruption flaw, affecting major cloud and tech companies. While a patch is developed, it’s not released. Users are advised to mitigate risks by restricting API access and …

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

April 25, 2024 at 12:50PM Over 1,400 vulnerable CrushFTP servers exposed online are currently targeted by attacks exploiting a critical SSTI vulnerability (CVE-2024-4040), allowing unauthenticated attackers to gain remote code execution. The severity of the flaw was confirmed by Rapid7, with 1,401 unpatched instances discovered. Active exploitation of the zero-day was reported, prompting urgent patching …

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

April 24, 2024 at 09:33AM Security researchers and CrushFTP warn of a critical sandbox escape flaw (CVE-2024-4040) in version 11.1 of the multiprotocol, multiplatform, cloud-based file transfer server. The vulnerability has been actively exploited and potentially politically motivated, leading to intelligence gathering attacks on US organizations. Publicly available exploit code raises high risks, urging immediate …

CISA tags Microsoft SharePoint RCE bug as actively exploited

March 27, 2024 at 12:30PM CISA warns of attackers exploiting a Microsoft SharePoint vulnerability, enabling remote code execution and admin privilege takeover. Nguyễn Tiến Giang earned $100,000 for demonstrating its exploitation. Multiple proof-of-concept exploits have emerged, prompting CISA to order patching by January 31. This poses a significant risk, emphasizing the need for quick patching …

Exploit released for Fortinet RCE bug used in attacks, patch now

March 21, 2024 at 11:18AM Security researchers have released a PoC exploit for a critical SQL injection vulnerability in Fortinet’s FortiClient EMS. Tracked as CVE-2023-48788, it impacts versions 7.0 and 7.2, allowing unauthenticated threat actors to gain RCE with SYSTEM privileges. With Horizon3’s PoC, attackers can modify it to use Microsoft SQL Server xp_cmdshell for …

More than 133,000 Fortinet appliances still vulnerable to month-old critical bug

March 18, 2024 at 03:08PM Despite a slight increase in patching, over 133,000 Fortinet appliances remain vulnerable to the critical security flaw CVE-2024-21762. The vulnerability allows remote code execution and is actively exploited. Another critical flaw, CVE-2023-48788, has been disclosed, adding to the patching workload. The widespread attacks make swift patching crucial. Key takeaways from …

Fortinet warns of critical RCE bug in endpoint management software

March 13, 2024 at 02:48PM Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited …