Found 2 bookmarks
Custom sorting
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
On Wednesday, January 8, 2025, Ivanti disclosed two CVEs affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. CVE-2025-0282 is a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the target device. CVE-2025-0283 is a stack-based buffer overflow that allows local authenticated attackers to escalate privileges on the device.
#rapid7#EN#2025#CVE-2025-0282#zero-day#Ivanti#CVE-2025-0283#ZTA#gateways
·rapid7.com·
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution. The vulnerability arises from a missing authentication for a critical function [CWE-306] in the FortiManager fgfmd daemon that allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability carries a CVSS v3 score of 9.8.
#rapid7#EN#2024#Fortinet#FortiManager#CVE-2024-47575#Zero-Day
·rapid7.com·
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks