
CVE-2021-36169: Fortiguard

A hidden functionality in Fortinet FortiOS 7.x before 7.0.1 and FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations.


PSIRT Advisories

FortiOS - debug commands allow memory manipulation

Summary

A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of `print str` and `cmd mem` CLI commands, which respectively read and write hexadecimal values at any memory address.

Affected Products

Any FortiGate version 7.0.0 or below is impacted.
Any FortiGate version 6.4.6 or below is impacted.
Any FortiGate version 6.2.9 or below is impacted.
Any FortiGate version 6.0.14 or below is impacted.
Any FortiGate version 5.6.14 or below is impacted.

Solutions

Upgrade FortiGate firmware to any version greater than or equal to 7.0.1
Upgrade FortiGate firmware to any version greater than or equal to 6.4.7
Upgrade FortiGate firmware to any version greater than or equal to 6.2.10

Acknowledgement

Fortinet is pleased to thank the Orange CERT-CC team for reporting this vulnerability under responsible disclosure.
