Jan 14
FortiOS RCE Bug Lets Hackers Run Code Remotely
A critical flaw in FortiOS and FortiSwitchManager could allow unauthenticated attackers to execute arbitrary code over the network.
Source: Arctic Wolf
Read more: CyberSecBrief
seen from Australia
seen from Germany
seen from Malaysia
seen from United States
seen from Malaysia
seen from United States
seen from United States
seen from Spain
seen from Türkiye
seen from United States
seen from Brazil
seen from Türkiye
seen from Australia
seen from Malaysia
seen from Poland
seen from United States
seen from Poland
seen from Malaysia
seen from United States
seen from United States
FortiOS RCE Bug Lets Hackers Run Code Remotely
A critical flaw in FortiOS and FortiSwitchManager could allow unauthenticated attackers to execute arbitrary code over the network.
Source: Arctic Wolf
Read more: CyberSecBrief
The DUHK Attack:因為亂數產生器的問題而造成的安全漏洞
在 Bruce Schneier 那邊看到的:「Attack on Old ANSI Random Number Generator」,攻擊的網站在「The DUHK Attack」,論文在「Practical state recovery attacks against legacy RNG implementations (PDF)」。 攻擊的對象是 ANSI X9.31 Random Number Generator: DUHK (Don’t Use Hard-coded Keys) is a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. 然後攻擊的對象是 Fortinet…
View On WordPress
Old FortiOS VPN Flaw Still Bypasses Two-Factor Login
A years-old FortiOS bug is being actively abused to slip past two-factor authentication, exposing VPN and admin access where LDAP setups are misaligned.
Source: Fortinet
Read more: CyberSecBrief
Why 30,000 Fortinet Devices are Exposed to a CVSS 9.8 SSO Bypass (CVE-2025-59718)
Read the full report on -
CyberDudeBivash offers real-time cybersecurity news, threat intelligence, zero-day vulnerabilities, malware reports, and security tools.
FortiGate 600C (FortiOS 5.x) PPPOE 設定
由於 FortiGate 600C 等較早期機型的 FortiOS 版本(5.x.x ),不支援在GUI下設定PPPOE。故只能夠過下指令的方式設定之(不管是直接接console線下指令或是在GUI的指令視窗都可以) 設定指令的參考範本:config system interface edit “wan1” set vdom “root” set mode pppoe set allowaccess ping fgfm set type physical set alias “MyISP” set username “” set password “”end
View On WordPress
Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”. Successful exploitation of the bug, Fortinet explains in an advisory, may allow an authenticated attacker…
View On WordPress
Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code
A ‘critical’ severity flaw has been detected inFortiOS and FortiProxy, identified as CVE-2023-33308 (CVSS rating 9.8). A remote attacker can use the vulnerability on susceptible devices to execute Fortinet arbitrary code. “A stack-based overflow vulnerability [CWE-124] in FortiOS&FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy…
View On WordPress
Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability
Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability
Home › Vulnerabilities Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability By Ionut Arghire on November 29, 2022 Tweet Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. Tracked as CVE-2022-40684 and impacting…
View On WordPress