https://twitter.com/naglinagli/status/1580622895734460416?t=6rg9INmiw19VEyNj1JPd_Q&s=09
PoC for FortiOS CVE-2022-40684
Nagli (@naglinagli) on X
We have successfully managed to replicate and confirm the public PoC for CVE-2022-40684, which grants SSH access without any interaction to vulnerable FortiOS instances, with CVSS score of 9.6.
Nuclei template for scanning can be found here:
https://t.co/HPa4XvdNcC…
The Nuclei templates have been updated, and 25 new CVEs were added:
🔥 Apache ActiveMQ - Remote Code Execution [critical]
🔥 CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution [critical]
🔥 Apache OFBiz < 18.12.10 - Arbitrary Code Execution [critical]
🔥 Qlik Sense Enterprise - HTTP Request Smuggling [critical]
🔥 ZoneMinder Snapshots - Command Injection [critical]
🔥 Chamilo LMS <= v1.11.20 Unauth Command Injection [critical]
🔥 WordPress Backup Migration <= 1.3.7 - Unauth Remote Code Execution [critical]
You can check for updates with this command:
nuclei -nt -severity critical --vv
#Nuclei #BugBounty