CVE-2022-30298: Fortiguard

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

PSIRT Advisories

FortiSOAR - Privilege escalation from nginx user to root

Summary

An improper privilege management vulnerability [CWE-269] in FortiSOAR may allow a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
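The advisory does not name the files involved, only the class of weakness: a low-privileged service account (the nginx user in the advisory title) able to modify something that root later executes. The following audit, added here as an example and not Fortinet's code, checks a list of candidate files for that condition. It flags a file the account owns or can write, and also any parent directory the account could rename or delete entries in, since a writable parent lets the account swap in a new file even when the file itself is read-only. The function and class names (`audit_root_executed`, `can_write`, `can_replace_entries`, `Finding`) and the temp-dir layout built by `demo()` are this example's own, not part of FortiSOAR.

```python
"""Audit files that root is expected to execute or import for modification by
a low-privileged service account (CWE-269, the nginx-user-to-root class in
this advisory). Example code added to this page; not Fortinet's code, and the
demo layout is constructed rather than taken from a FortiSOAR install."""
import os
import stat
import tempfile
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    reason: str


def can_write(st: os.stat_result, uid: int, gid: int) -> bool:
    """Could a process running as uid/gid write the inode described by st?

    The owner always counts as able to write: a read-only mode does not help
    when the owner can chmod the file back."""
    if st.st_uid == uid:
        return True
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def can_replace_entries(st: os.stat_result, uid: int, gid: int) -> bool:
    """Could uid/gid rename or unlink entries in the directory described by st?

    A sticky directory (/tmp style) only lets users touch their own entries,
    so it is not a replacement vector unless uid owns the directory."""
    if not can_write(st, uid, gid):
        return False
    if st.st_mode & stat.S_ISVTX and st.st_uid != uid:
        return False
    return True


def audit_root_executed(paths, uid: int, gid: int, top: str = "/") -> list:
    """Return a Finding for every path that uid/gid could alter, checking the
    file itself and every directory from its parent up to `top` inclusive."""
    findings = []
    top = os.path.abspath(top)
    for path in paths:
        path = os.path.abspath(path)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append(Finding(path, "missing: a writable parent could plant it"))
        else:
            if stat.S_ISLNK(st.st_mode) and st.st_uid == uid:
                findings.append(Finding(path, "symlink owned by service user"))
            elif can_write(st, uid, gid):
                findings.append(Finding(path, "file writable by service user"))
        parent = os.path.dirname(path)
        while True:
            try:
                pst = os.lstat(parent)
            except FileNotFoundError:
                break
            if can_replace_entries(pst, uid, gid):
                findings.append(Finding(path, f"parent {parent} allows replacement by service user"))
                break
            if parent == top or parent == os.path.dirname(parent):
                break
            parent = os.path.dirname(parent)
    return findings


def demo() -> list:
    """Build a constructed layout in a private temp dir (mode 0700) and audit it
    as an account that owns nothing in it. Returns (basename, reason) pairs."""
    base = tempfile.mkdtemp()
    other_uid, other_gid = os.getuid() + 1, os.getgid() + 1   # an account that is not us
    lib, drop = os.path.join(base, "lib"), os.path.join(base, "drop")
    os.mkdir(lib); os.chmod(lib, 0o755)     # sane directory
    os.mkdir(drop); os.chmod(drop, 0o777)   # world-writable, no sticky bit
    good, bad, ro = (os.path.join(lib, "good.py"), os.path.join(lib, "bad.py"),
                     os.path.join(drop, "ro.py"))
    for f, mode in ((good, 0o644), (bad, 0o666), (ro, 0o644)):
        open(f, "w").close()
        os.chmod(f, mode)
    found = audit_root_executed([good, bad, ro], other_uid, other_gid, top=base)
    return [(os.path.basename(f.path), f.reason) for f in found]


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

On a real host the uid/gid would come from `pwd.getpwnam("nginx")`, the candidate list from whatever root runs on a schedule or at service start (cron entries, systemd units, setuid wrappers), and `top` would stay at `/` so that a writable directory anywhere on the path is reported. In the demo, `good.py` produces no finding, `bad.py` is flagged for its world-writable mode, and `ro.py` is flagged not for its own mode but for the 0777 parent directory that lets the account replace it.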

Affected Products

FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.2
FortiSOAR version 6.4.0 through 6.4.4

Solutions

Please upgrade to FortiSOAR version 7.2.1 or above
Please upgrade to FortiSOAR version 7.0.3 or above
No fixed 6.4 release is listed, so installations on 6.4.0 through 6.4.4 need to move to one of the branches above.

Acknowledgement

Fortinet is pleased to thank security researchers Ryan Catterall and OJ Reeves of Beyond Binary for discovering and reporting this vulnerability under responsible disclosure.
