OEM | Fortinet |
Severity | Critical |
Date of Announcement | 2024-10-16 |
CVSS Score | 9.8 |
CVE | CVE-2024-23113 |
CWE | CWE-134 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
A critical vulnerability (CVE-2024-23113) has been identified in the FortiOS fgfmd daemon, which enables unauthenticated attackers to remotely execute arbitrary code or commands. This flaw arises from a format string vulnerability (CWE-134) within the fgfmd daemon, where specially crafted requests can initiate arbitrary code execution, potentially resulting in full system compromise. Affected versions include multiple releases of FortiOS, FortiPAM, FortiProxy, and FortiWeb.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Fortinet Products Format String Vulnerability | CVE-2024-23113 | FortiOS, FortiProxy, FortiPAM, FortiWeb | Critical | 9.8 |
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-23113 | FortiOS (7.4.0-7.4.2, 7.2.0-7.2.6, 7.0.0-7.0.13), FortiProxy (7.4.0-7.4.2, 7.2.0-7.2.8, 7.0.0-7.0.15), FortiPAM (1.2 and lower), FortiWeb (7.4.0-7.4.2) | The vulnerability lies in the fgfmd daemon’s handling of format strings in incoming requests, which can be exploited by remote attackers via crafted inputs. Exploitation of this flaw allows attackers to execute unauthorized code or commands on the affected systems. | Remote Code Execution (RCE) |
Fortinet has released security patches addressing this vulnerability. The patched versions for the Fortinet products are listed below.
OEM | Zimbra |
Severity | Critical |
Date of Announcement | 2024-10-02 |
CVSS Score | 10.0 |
CVE | CVE-2024-45519 |
CWE | -- |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
A critical vulnerability (CVE-2024-29847) has been identified in Ivanti Endpoint Manager, allowing unauthenticated attackers to execute arbitrary code remotely. This flaw is due to a deserialization of untrusted data issue in the AgentPortal.exe service, specifically within the .NET Remote framework. Exploitation can allow attackers to perform file operations such as reading or writing files on the server, potentially leading to full system compromise.
Vulnerability Name | CVE ID | Product Affected | Impact | CVSS Score |
Zimbra - Remote Command Execution | CVE-2024-45519 | Zimbra Collaboration Suite (ZCS) | Critical | 10.0 |
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-45519 | Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1 | Attackers sent spoofed emails, appearing to be from Gmail, with base64-encoded malicious code in the CC field. This code tricks the Zimbra server into executing it as shell commands instead of processing it as email addresses. The goal is to create a web shell on vulnerable servers, enabling remote access and control. Once installed, the web shell listens for specific cookie values to execute commands or download malicious files. | Complete remote control of the affected Zimbra instance. |
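
A defender-side check for the CC-field pattern described in the Zimbra row above, added here as an example and not taken from Zimbra or from this advisory: it flags Cc entries that are not plain email addresses. The regexes, function names and the sample message are assumptions constructed for illustration, and the heuristic is stricter than RFC 5322 by design.

```python
import re
from email import message_from_string

# Stricter than RFC 5322 on purpose: | and $ are legal atext but are flagged here.
STRICT_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
SHELL_META = re.compile(r"[$`|;&(){}<>\\]")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def split_recipients(header_value):
    """Split a Cc value on commas that are not inside a quoted display name."""
    parts, buf, quoted = [], [], False
    for ch in header_value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def addr_spec(recipient):
    """Return the text inside a trailing <...>, else the whole entry."""
    m = re.search(r"<([^<>]*)>\s*$", recipient)
    return (m.group(1) if m else recipient).strip()

def suspicious_cc(raw_message):
    """Return (address, reasons) for every Cc entry that is not a plain address."""
    findings = []
    for value in message_from_string(raw_message).get_all("Cc", []):
        for spec in map(addr_spec, split_recipients(value)):
            reasons = []
            if not STRICT_ADDR.match(spec):
                reasons.append("not-plain-address")
            if SHELL_META.search(spec):
                reasons.append("shell-metacharacter")
            if reasons and B64_RUN.search(spec.rsplit("@", 1)[0]):
                reasons.append("base64-like-run")
            if reasons:
                findings.append((spec, reasons))
    return findings

# Constructed sample: the second Cc entry is an inert placeholder, not a payload.
SAMPLE = (
    "From: sender@example.com\nTo: user@example.org\n"
    'Cc: "Doe, Jane" <jane@example.org>,\n'
    " QUJDREVGR0hJSktMTU5PUFFSU1Q=|placeholder@example.net\nSubject: constructed sample\n\nbody\n"
)
```

Calling `suspicious_cc(SAMPLE)` reports only the second Cc entry; a hit is a triage signal for mail that reached an unpatched server, not a substitute for applying the patched ZCS versions.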