CVE-2022-35842: Fortiguard

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN versions 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.


**PSIRT Advisories**

FortiOS – Telnet on the SSL-VPN interface results in information leak

Summary

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

Affected Products

FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.6
FortiOS version 6.4.0 through 6.4.9

Solutions

Please upgrade to FortiOS version 7.2.2 or above
Please upgrade to FortiOS version 7.0.7 or above
Please upgrade to FortiOS version 6.4.10 or above
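
An added example (not part of the Fortinet advisory) that triages an inventory of FortiOS version strings against the affected ranges and upgrade targets listed above. The hostnames and the layout of the sample version strings are constructed assumptions; versions are compared numerically so that 6.4.10 sorts after 6.4.9.

```python
import re

# Copied from the advisory: branch -> (first affected, last affected, fixed release)
ADVISORY = {
    (7, 2): ((7, 2, 0), (7, 2, 0), (7, 2, 2)),
    (7, 0): ((7, 0, 0), (7, 0, 6), (7, 0, 7)),
    (6, 4): ((6, 4, 0), (6, 4, 9), (6, 4, 10)),
}
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) from a free-form version string, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(text):
    """Classify one version string against the ranges listed for CVE-2022-35842."""
    ver = parse_version(text)
    if ver is None:
        return ("unparsed", None)
    entry = ADVISORY.get(ver[:2])
    if entry is None:
        return ("branch-not-listed", None)
    first, last, fixed = entry
    if first <= ver <= last:
        return ("affected", fixed)
    if ver < fixed:
        # e.g. 7.2.1: not in the affected list, but below the named upgrade target
        return ("below-fixed-release", fixed)
    return ("fixed", None)


def report(inventory):
    """Map hostname -> (status, upgrade target) for an inventory dict."""
    return {host: triage(raw) for host, raw in inventory.items()}


# Constructed inventory; hostnames and string layout are assumptions.
SAMPLE = {
    "fw-edge-01": "v7.0.5,build0304 (GA)",
    "fw-edge-02": "7.2.1",
    "fw-dc-01": "FortiOS 6.4.10",
    "fw-lab-01": "v6.4.9",
    "fw-old-01": "6.2.11",
    "fw-bad": "unknown",
}

if __name__ == "__main__":
    for host, (status, target) in report(SAMPLE).items():
        print(host, status, target)
```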

References

  • Reboot FortiOS or kill the SSL-VPN process or disable DTLS settings [if enabled]
