Found 2 bookmarks
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited in the wild. In this post we detail the steps we took to identify the patched vulnerability and produce a working exploit.
·assetnote.io·
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.
·labs.watchtowr.com·