Found 8 bookmarks
Custom sorting
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild. This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.
#watchtowr#EN#2024#Fortinet#FortiGate#CVE-2024-23113#PoC#vulnerabilty#analysis
·labs.watchtowr.com·
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Patch or Peril: A Veeam vulnerability incident
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
#group-ib#EN#2024#Veeam#vulnerability#incident#ransomware#FortiGate#NirSoft
·group-ib.com·
Patch or Peril: A Veeam vulnerability incident
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
#assetnote#EN#2024#exploitation#patch-diff#FortiGate#RCE#CVE-2024-21762
·assetnote.io·
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—the OS behind FortiGate firewalls—that allows remote code execution. There are 490,000 affected SSL VPN interfaces exposed on the internet, and roughly 69% of them are currently unpatched. You should patch yours now
#bishopfox#EN#2023#FortiGate#CVE-2023-27997
·bishopfox.com·
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.
#labs.watchtowr#EN#2023#Xortigate#XOR#RCE#CVE-2023-27997#FortiGate#analysis
·labs.watchtowr.com·
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was