Finding Fortinet web application firewall devices with Rumble
Recently published security research from Rapid7 provides details on an OS command injection vulnerability in Fortinet’s web application firewall (WAF) product line known as FortiWeb. This vulnerability exists in the FortiWeb management interface (versions 6.3.11 and prior) and has a CVSSv3 base score of 8.7 (currently awaiting CVE assignment). While authentication is required for successful exploitation of this vulnerability, Rapid7 researchers point out that chaining this with exploitation of an existing authentication bypass vulnerability could be a successful attack vector against vulnerable FortiWeb targets.
os:fortinet AND (tls.names:="FWB%" OR (tls.names:="FV%" AND NOT tls.names:="FVE%" AND NOT tls.names:="FVC%"))
Don’t have Rumble and need help finding your FortiWeb assets? Start your Rumble trial today.
December 3, 2021
Finding HP printers and MFPs vulnerable to Printing Shellz
Do you have HP printers and multi-function printers (MFPs)? You might want to look at the two recently published vulnerabilities that affect 150+ models. Named “Printing Shellz” by the F-Secure security researchers who reported them, these vulns have been around for ~8 …Read More
November 10, 2021
Find Nucleus TCP/IP assets with accessible FTP services
Researchers at Forescout recently published findings on a new set of 13 vulnerabilities with the Nucleus RTOS TCP/IP stack, collectively referred to as NUCLEUS:13. Originally released in 1993, Nucleus is found in many different types of products, including devices in the …Read More
October 28, 2021
Finding PAX point-of-sale devices
PAX Technologies, a China-based company that manufactures a LOT of point-of-sale (POS) terminal devices, has been in the news this week following an FBI raid of a PAX Florida facility. While the FBI didn’t officially confirm much beyond serving a court-authorized search, a …Read More