March 4, 2025
Severity
Medium
Analysis Summary
CVE-2024-36505 CVSS: 5.1
Fortinet FortiOS could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the write protection enforced by real-time file system integrity checking.
CVE-2023-26211 CVSS: 6.8
Fortinet FortiSOAR is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Communications module. A remote attacker could exploit this vulnerability to execute a script in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2022-27486 CVSS: 6.6
Fortinet FortiDDoS could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an OS command injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2024-21759 CVSS: 4.3
Fortinet FortiPortal could allow a remote attacker to bypass security restrictions, caused by a user-controlled key vulnerability in the policy API. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and view unauthorized resources.
Impact
- Security Bypass
- Cross-site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-36505
- CVE-2023-26211
- CVE-2022-27486
- CVE-2024-21759
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiPortal 7.0.0
- Fortinet FortiSOAR 7.3.0
- Fortinet FortiPortal 7.2.0
- Fortinet FortiOS 7.2.7
- Fortinet FortiOS 7.4.3
- Fortinet FortiOS 7.0.14
- Fortinet FortiOS 6.4.15
- Fortinet FortiSOAR 7.4.0
- Fortinet FortiSOAR 7.2
- Fortinet FortiSOAR 7.0
- Fortinet FortiDDoS 5.7.0
- Fortinet FortiDDoS-F 6.5.0
Remediation
Refer to Fortinet for patch, upgrade or suggested workaround information.