1483 matches found
Fortinet Multiple Products Input Validation Error Vulnerability
Fortinet FortiOS and others are products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. Fortinet FortiProxy SSL VPN is a software application. Fortinet FortiPAM is a platform for privilege access control. An input validation...
PT-2025-32874 · Fortinet · Fortipam +2
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.6.3; FortiProxy versions prior to 7.6.3; FortiPAM versions prior to 1.5.1. Description: An Integer Overflow or Wraparound vulnerability (CWE-190) may allow an authenticated user to affect the device’s SSL-VPN availabili...
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the compan...
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents...
CVE-2025-40600
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption...
CVE-2025-40600
CVE-2025-40600 affects SonicWall SonicOS SSL VPN interface with an externally-controlled formatting string vulnerability. A remote unauthenticated attacker can trigger service disruption (DoS) via crafted input. Public details corroborate vulnerability in the SSL VPN handling and indicate impact ...
PT-2025-31264 · Sonicwall · Sonicos
Name of the Vulnerable Software and Affected Versions: SonicWall versions prior to 7.3.0-7012. Description: A format string vulnerability exists in the SonicOS SSL VPN interface, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. The vulnerability is due to the...
SonicWALL SonicOS SSLVPN Format String Error Vulnerability
SonicWALL SonicOS SSLVPN is a virtual private network for secure remote access from SonicWALL USA. A Formatting String Error vulnerability exists in SonicWALL SonicOS SSLVPN that originates from an externally controlled formatting string and could result in a service interruption...
SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilities
1. CVE-2025-40596 - Pre-Authentication Stack-Based Buffer Overflow Vulnerability: A stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution. CVSS Score: 7.3 CVSS Vecto...
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access SMA 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Goog...
Cisco Meraki 16.2 / 17 / 18.1 < 18.107.12 / 18.2 < 18.211.2 Multiple Vulnerabilities (cisco-sa-meraki-mx-vpn-dos-QTRHzG2)
The version of the remote Cisco Meraki device is 16.2, 17, 18.1 prior to 18.107.12, or 18.2 prior to 18.211.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the cisco-sa-meraki-mx-vpn-dos-QTRHzG2 advisory, including: - Multiple vulnerabilities in the Cisco...
Cisco Meraki 16.2 < 16.16.6 / 17.x < 17.10.1 DoS (cisco-sa-meraki-mx-vpn-dos-vnESbgBf)
The version of the remote Cisco Meraki device is 16.2 prior to 16.16.6 or 17.x prior to 17.10.1. It is, therefore, potentially affected by a denial of service vulnerability as referenced in the cisco-sa-meraki-mx-vpn-dos-vnESbgBf advisory: - A vulnerability in the Cisco AnyConnect VPN server of...
CVE-2025-34047
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation,...
CVE-2025-34047
CVE-2025-34047 is a path traversal vulnerability in Leadsec SSL VPN (formerly Lenovo NetGuard) that allows unauthenticated attackers to read arbitrary files through the ostype parameter in the /vpn/user/download/client endpoint. Root cause: insufficient input sanitization enabling traversal seque...