4 matches found
Vulnerabilities fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...
CVE-2023-28001
creationtimestamp| type| source ---|---|--- 2023-07-11 20:29:58+00:00| seen| https://t.me/cibsecurity/66417 2023-07-12 20:01:05+00:00| seen| https://t.me/truesecator/4609...
CVE-2023-28001
CVE-2023-28001 affects Fortinet FortiOS FortiOS REST API. The issue is an insufficient session expiration that could allow an attacker to reuse the session of a deleted user to execute unauthorized code/commands. Connected sources confirm the vulnerability and note Fortinet/FortiGuard PSIRT advis...
Fortinet Fortigate Existing websocket connection persists after deleting API admin (FG-IR-23-028)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute...