Critical RCE Bug Opens Fortinets Secure Web Gateway to Takeover

  /     /     /  
Publicated : 23/11/2024   Category : security


Critical RCE Bug Opens Fortinets Secure Web Gateway to Takeover


Users should patch an unauthenticated remote code execution bug impacting FortiOS and FortiProxy administrative interfaces ASAP, Fortinet says.



Fortinet is warning users to patch a critical remote code execution (RCE) vulnerability in the FortiOS operating system, and in the FortiProxy secure Web gateway. 
An alert this week from FortiGuard Labs said a heap buffer underflow bug in the administrative interface could allow an unauthenticated, remote cyberattacker to execute code on a device running the platforms. The vulnerability could also allow a threat actor to perform a denial-of-service (DoS) attack on the GUI of devices running the vulnerable code, Fortinet added.
Fortinet has issued a
security update for FortiOS and FortiProxy
interfaces, and noted that no exploitation has been detected yet. 
Fortinet is not aware of any instance where this vulnerability was exploited in the wild, the alert explained. We continuously review and test the security of our products, and this vulnerability was internally discovered within that frame.
This is the latest bug to come to light in the popular security appliance vendors gear. Just late last month,
Fortinet urged FortiNAC users to update their systems
against a flaw that allowed unauthenticated attackers to write arbitrary system files.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Critical RCE Bug Opens Fortinets Secure Web Gateway to Takeover