Censys
Vulnerability with high CVSS value discovered
A vulnerability with a particularly high CVSS (Common Vulnerability Scoring System) score of 9.8 affects several Fortinet products and allows unauthenticated attackers to execute arbitrary code or commands, Censys announced.
Up to 2,878 instances worldwide could potentially be affected, says Censys, a provider of threat hunting and attack surface management tools. This could happen by attackers sending HTTP requests with specially crafted hash cookies. According to Censys, the stack-based buffer overflow vulnerability affects FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
The manufacturer published a security advisory last week summarizing suspicious log entries, IP addresses, modified system files and changes to configurations. It is recommended to search for signs of compromise using the CLI commands provided and to examine certain system files. In addition, HTTP/HTTPS management interfaces of affected devices should be disabled until the patches are installed. Patches are available for the affected products. There is currently no indication that a public proof-of-concept exploit exists.
In an investigation of threat intelligence data, Censys observed that a total of 2,878 Fortinet devices worldwide are potentially vulnerable to the exploit. As no information on the specific versions was available during the investigation, not all observed instances are necessarily vulnerable. In addition to numerous instances in the USA, some systems in Europe and Germany are also potentially affected. The results on the distribution of potentially affected instances were determined using the tools of the Censys platform.
You might also be interested in
Study on the working world of tomorrow
Merging technical skills and soft skills
AI is profoundly changing jobs, but at the same time it is making human skills indispensable. The new Skills Economy Report 2026 from SkyHive by Cornerstone shows that roles in the future will require both technical skills and soft skills.
read more...Making shadow AI controllable
Cycode is expanding its platform to include an AI inventory and an AI parts list. The aim is for companies to recognize which AI tools, models and assistants developers use throughout the entire software lifecycle, including shadow AI.
read more..."Crash test" for LLMs in AI agents
Lakera and the UK AI Security Institute have launched 'b3', a new open source benchmark. b3 is an open source security evaluation project specifically designed to protect Large Language Models (LLM) in AI agents.
read more...AI coding is becoming the risky norm
AI-supported software development is profoundly changing the security situation, according to the new report "Future of Application Security in the Era of AI" by Checkmarx. 81% of companies knowingly deliver insecure code.
read more...APT Group has energy facilities in its sights
According to recent analyses by Kaspersky, the notorious advanced persistent threat (APT) group SideWinder has adapted its attack strategies and expanded its geographical targets. SideWinder is now also targeting nuclear power plants and energy...
read more...Zero Day Vulnerabilities - the consequences of a large-scale cyber attack
The series 'Zero Day' deals with the cyber threat situation and highlights the consequences of a large-scale cyber attack in the USA. It addresses a highly topical and real risk: Cyberattacks that target previously unknown vulnerabilities -...
read more...Manufacturing industry: top target of ransomware attacks
Ransomware tactics continue to evolve, targeting industries with low tolerance for downtime. Artic Wolf publishes figures on this.
read more...New partnership for cyber consulting
Orange Cyberdefense and Weidmüller have announced their strategic partnership in the field of cybersecurity consulting. The aim is to make it easier for manufacturing companies to access comprehensive cybersecurity consulting services.
read more...Christoph Beckenbauer is the new General Manager Memory
Christoph Beckenbauer joined Swissbit on February 1 as the new General Manager Memory. With extensive experience in the areas of embedded systems and cybersecurity, he takes over the management of the Memory division.
read more...