Lucene search
K

30 matches found

GithubExploit
GithubExploit
added 2026/05/23 1:25 p.m.95 views

Exploit for Path Traversal in Fortinet Fortiproxy

CVE-2018-13379 — Mass Exploit for Fortine...

9.8CVSS7.5AI score0.99999EPSS
Exploits22
GithubExploit
GithubExploit
added 2026/02/05 7:12 p.m.175 views

Exploit for Path Traversal in Fortinet Fortiproxy

CVE-2018-...

9.8CVSS8.5AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2023/08/04 7:2 a.m.88 views

Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and...

10CVSS8.3AI score0.99999EPSS
Exploits665
The Hacker News
The Hacker News
added 2022/06/03 9:19 a.m.219 views

Microsoft Blocks Iran-linked Lebanese Hackers Targeting Israeli Companies

Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group...

9.8CVSS1.1AI score0.99999EPSS
Exploits22
ICS
ICS
added 2022/03/01 12:0 p.m.99 views

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

10CVSS9.9AI score0.99999EPSS
Exploits449References104
The Hacker News
The Hacker News
added 2021/11/17 3:44 p.m.274 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

10CVSS9.3AI score0.99999EPSS
Exploits39
Microsoft Secure
Microsoft Secure
added 2021/11/16 4:0 p.m.269 views

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center MSTIC has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state...

7.5CVSS9.4AI score0.99999EPSS
Exploits87
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/11/16 4:0 p.m.275 views

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center MSTIC has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends in Iranian nation state...

7.5CVSS9.4AI score0.99999EPSS
Exploits87
The Hacker News
The Hacker News
added 2021/09/09 7:16 a.m.752 views

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of th...

9.8CVSS0.1AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2021/08/18 3:41 a.m.10391 views

Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF

Details have emerged about a new unpatched security vulnerability in Fortinet's web application firewall WAF appliances that could be abused by a remote, authenticated attacker to execute malicious commands on the system. "An OS command injection vulnerability in FortiWeb's management interface...

9.8CVSS1AI score0.99999EPSS
Exploits25
The Hacker News
The Hacker News
added 2021/05/08 12:24 p.m.524 views

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

Cyber operatives affiliated with the Russian Foreign Intelligence Service SVR have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operato...

10CVSS0.4AI score0.99999EPSS
Exploits356
ThreatPost
ThreatPost
added 2021/04/08 2:0 p.m.356 views

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...

5CVSS10AI score0.99999EPSS
Exploits22References15
The Hacker News
The Hacker News
added 2021/04/08 1:12 p.m.6 views

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said...

9.8CVSS7.7AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2021/04/08 1:12 p.m.498 views

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said...

9.8CVSS1.1AI score0.99999EPSS
Exploits22
Rapid7 Blog
Rapid7 Blog
added 2021/03/05 5:20 p.m.183 views

Metasploit Wrap-Up

FortiOS Path Traversal Returning community contributor mekhalleh submitted a module targeting a path traversal vulnerability within the SSL VPN web portal in multiple versions of FortiOS. The flaw is leveraged to read the usernames and passwords of currently logged in users which are stored in...

9.3CVSS0.6AI score0.99999EPSS
Exploits77
Metasploit
Metasploit
added 2021/02/27 5:42 p.m.81 views

FortiOS Path Traversal Credential Gatherer

Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4 are vulnerable to a path traversal vulnerability within the SSL VPN web portal which allows unauthenticated attackers to download FortiOS system files through specially crafted HTTP requests. This module exploits this...

9.8CVSS6.8AI score0.99999EPSS
Exploits22
Kitploit
Kitploit
added 2020/11/30 11:30 a.m.2519 views

Fortiscan - A High Performance FortiGate SSL-VPN Vulnerability Scanning And Exploitation Tool

CVE-2018-13379 Exploitation Tool, You can use this tool to check the vulnerability in your FortiGate SSL-VPN. https://www.fortinet.com/blog/business-and-technology/fortios-ssl-vulnerability Usage v 0.6 File List ./fortiscan ip.txt Usage v 0.5 One Liner to Initiate theScan : Host|IP:Port443 or 104...

9.8CVSS10AI score0.99999EPSS
Exploits22References1
CISA
CISA
added 2020/11/27 12:0 a.m.25 views

Fortinet FortiOS System File Leak

The Cybersecurity and Infrastructure Security Agency CISA is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices...

7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/08/14 12:0 a.m.385 views

CVE-2019-5591

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. Recent assessments: ccondon-r7 at April 05, 2021 2:16pm UTC reported: One of three vulnerabilities CISA and the FBI have...

9.8CVSS8.9AI score0.99999EPSS
In wildExploits23References3
Check Point Advisories
Check Point Advisories
added 2019/10/17 12:0 a.m.29 views

Fortinet FortiOS SSL VPN Directory Traversal (CVE-2018-13379)

A directory traversal vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

5CVSS5.1AI score0.99999EPSS
Exploits22
Rows per page
Query Builder