FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted

Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.

actions api attacker cors cwe domain domains fortiadc information may origin policy privileged requests sensitive sensitive information untrusted vulnerability web

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Threat Analysis Engineer

@ Gen | IND - Tamil Nadu, Chennai

View on infosec-jobs.com

Head of Security

@ Hippocratic AI | Palo Alto

View on infosec-jobs.com

IT Security Vulnerability Management Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States

View on infosec-jobs.com

Security Engineer - Netskope/Proofpoint

@ Sainsbury's | Coventry, West Midlands, United Kingdom

View on infosec-jobs.com

Journeyman Cybersecurity Analyst

@ ISYS Technologies | Kirtland AFB, NM, United States

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Threat Analysis Engineer

Head of Security

IT Security Vulnerability Management Specialist (15.10)

Security Engineer - Netskope/Proofpoint

Journeyman Cybersecurity Analyst