Restricted CLI command bypass
An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS may allow a local authenticated attacker to execute system commands via crafted CLI commands. Revised on 2025-10-14 00:00:00
Read MoreAuthor: Cyberthreat Blog
Asian Nations Ramp Up Pressure on Cybercrime ‘Scam Factories’
After a particularly gruesome murder, South Korea issues “code black” travel ban for...
Read MorePrivilege escalation in shell
An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiSOAR may allow an attacker who has already obtained a non-login low privileged shell access...
Read MoreZTNA Server Improper Certificate Validation
An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiOS and FortiProxy ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections...
Read MoreStored XSS in parser tester
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests. Revised on...
Read More