FortiADC - Privilege escalation vulnerability using the automation cli-script feature

Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper access control vulnerability [CWE-284] in FortiADC automation feature may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script.

access access control attacker automation cli configuration control cwe escalation feature fortiadc low may privilege privileged privilege escalation privileges script vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiMail - User can see and modify address book folders title of other users 2 weeks, 2 days ago | fortiguard.fortinet.com

address attacker authorization book +8

FortiClient (Windows) - DLL Hijacking via openssl.cnf 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker cwe dll +14

FortiMail - Login mechanism without rate limitation 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker authentication brute +10

FortiOS & FortiProxy - DOS in headers management 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker cwe device +13

FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted 2 weeks, 2 days ago | fortiguard.fortinet.com

actions api attacker cors +15

FortiClient (Windows) - Arbitrary file deletion from unprivileged users 2 weeks, 2 days ago | fortiguard.fortinet.com

attacker authorization cwe deletion +9

FortiClient for Windows - Hardcoded credentials in vcm2.exe 2 weeks, 2 days ago | fortiguard.fortinet.com

attacker bypass credentials cwe +8

FortiEDRCollector (Windows) - Protection may be disabled by local attacker 2 weeks, 2 days ago | fortiguard.fortinet.com

access access control attacker control +15

FortiManager & FortiAnalyzer - Use of hardcoded credentials in fmgsvrd 2 weeks, 2 days ago | fortiguard.fortinet.com

access attacker credentials cwe +10

Paid internship - Cybersecurity [BGSW]

@ Bosch Group | Warszawa, Poland

View on infosec-jobs.com

Cybersecurity Officer

@ People In Need | Prague 2, Prague, Czechia

View on infosec-jobs.com

University -Cybersecurity Consultant

@ Booz Allen Hamilton | USA, CA, San Diego (1615 Murray Canyon Rd)

View on infosec-jobs.com

Senior Security Engineer, Detection Engineering

@ Lyft | Seattle, WA

View on infosec-jobs.com

Architecte de la sécurité des applications / Application Security Architect

@ Genetec | Montreal, Quebec, Canada

View on infosec-jobs.com

Telecommunications Sector| SIEM Engineer

@ Devoteam | Lisbon, Portugal

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiADC - Privilege escalation vulnerability using the automation cli-script feature

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Paid internship - Cybersecurity [BGSW]

Cybersecurity Officer

University -Cybersecurity Consultant

Senior Security Engineer, Detection Engineering

Architecte de la sécurité des applications / Application Security Architect

Telecommunications Sector| SIEM Engineer