all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiAnalyzer - Syslog not protected by an extra layer of authentication

Add to bookmarks
Oct. 10, 2023, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer may allow a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.

attacker authentication authenticity cwe data device fortianalyzer may messages send server syslog unauthenticated verification vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 1 month ago | fortiguard.fortinet.com
actor attacker cwe device +17
FortiSandbox - Arbitrary file read on endpoint 1 month ago | fortiguard.fortinet.com
arbitrary files attacker cwe directory +12
FortiNAC-F - Lack of certificate validation 1 month ago | fortiguard.fortinet.com
attack attacker certificate channel +12
FortiOS - Format String in CLI command 1 month ago | fortiguard.fortinet.com
access admin arbitrary code attacker +16
FortiOS & FortiProxy - administrator cookie leakage 1 month ago | fortiguard.fortinet.com
administrator attacker conditions cookie +10
FortiSandbox - Arbitrary file delete on endpoint 1 month ago | fortiguard.fortinet.com
arbitrary files attacker cwe delete +13
FortiClientMac - Lack of configuration file validation 1 month ago | fortiguard.fortinet.com
arbitrary code attacker code configuration +15
FortiManager - Code Injection via Jinja Template 1 month ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +11
FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 1 month ago | fortiguard.fortinet.com
access admin arbitrary code arbitrary code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Digital Security Infrastructure Manager

@ Wizz Air | Budapest, HU, H-1103
View on infosec-jobs.com

Sr. Solution Consultant

@ Highspot | Sydney
View on infosec-jobs.com

Cyber Security Analyst III

@ Love's Travel Stops | Oklahoma City, OK, US, 73120
View on infosec-jobs.com

Lead Security Engineer

@ JPMorgan Chase & Co. | Tampa, FL, United States
View on infosec-jobs.com

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Tulsa, OK, United States
View on infosec-jobs.com

GCP Incident Response Engineer

@ Publicis Groupe | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs