Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
"An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted
Fortinet on Monday disclosed that aΒ newly patched critical flawΒ impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors.
TheΒ vulnerability, dubbed XORtigate and tracked asΒ CVE-2023-27997Β (CVSS score: 9.2), concerns aΒ heap-based buffer overflowΒ vulnerability in FortiOS and
Fortinet has released fixes toΒ address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.
The issue, tracked asΒ CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams.
"A buffer underwrite ('buffer underflow') vulnerability in
Login
FreshRSS