Showing 13–18 of 49 results

Attackers Exploiting Critical Fortinet Authentication Bypass

Decipher: 10/14/22 “An attacker can use this vulnerability to do just about anything they want to the vulnerable system. This includes changing network configurations, adding new users, and initiating packet captures. Note that this is not the only way to exploit this vulnerability and there may be other sets of conditions that work,” James Horseman of Horizon3.ai, an offensive security...
Read More

PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin

Security Week: 10/14/22 Penetration testing company Horizon3.ai has made public a PoC exploit that allows an attacker to add an SSH key to the admin user, enabling the attacker to access the targeted system with administrator privileges. The firm has also released technical details, and others have created templates for vulnerability scanners. Read the entire article here
Read More

New auth bypass bug targets FortiGate firewalls and FortiProxy web proxies

IT World Canada 10/14/22 Security experts from Horizon3.ai provided a proof-of-concept (PoC) exploit and a technical analysis of the root cause of the vulnerability. This exploit can exploit the authentication bypass flaw to set an SSH key for the user, which is specified from the command line when the Python script is started. Read the entire article here
Read More

How can NodeZero help you?

Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.