Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Tue, 05 May 2026 20:21:29 +0000 f4b941b1-94d9-4eba-86f9-33b8b7cf0c32 https://vulnerability.circl.lu/sighting/f4b941b1-94d9-4eba-86f9-33b8b7cf0c32/export {"uuid": "f4b941b1-94d9-4eba-86f9-33b8b7cf0c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42753", "type": "seen", "source": "https://t.me/cibsecurity/36701", "content": "\u203c CVE-2021-42753 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:30.000000Z"} {"uuid": "f4b941b1-94d9-4eba-86f9-33b8b7cf0c32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42753", "type": "seen", "source": "https://t.me/cibsecurity/36701", "content": "\u203c CVE-2021-42753 \u203c\n\nAn improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-02T14:28:30.000000Z"} https://vulnerability.circl.lu/sighting/f4b941b1-94d9-4eba-86f9-33b8b7cf0c32/export Wed, 02 Feb 2022 14:28:30 +0000 5ae4425b-c8dc-40fb-8970-dd983dfe23bf https://vulnerability.circl.lu/sighting/5ae4425b-c8dc-40fb-8970-dd983dfe23bf/export {"uuid": "5ae4425b-c8dc-40fb-8970-dd983dfe23bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42755", "type": "seen", "source": "https://t.me/cibsecurity/46470", "content": "\u203c CVE-2021-42755 \u203c\n\nAn integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:43.000000Z"} {"uuid": "5ae4425b-c8dc-40fb-8970-dd983dfe23bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42755", "type": "seen", "source": "https://t.me/cibsecurity/46470", "content": "\u203c CVE-2021-42755 \u203c\n\nAn integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-18T20:39:43.000000Z"} https://vulnerability.circl.lu/sighting/5ae4425b-c8dc-40fb-8970-dd983dfe23bf/export Mon, 18 Jul 2022 20:39:43 +0000 b77435da-c121-48db-8f2a-5a073b7c36eb https://vulnerability.circl.lu/sighting/b77435da-c121-48db-8f2a-5a073b7c36eb/export {"uuid": "b77435da-c121-48db-8f2a-5a073b7c36eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42750", "type": "seen", "source": "https://t.me/cibsecurity/48095", "content": "\u203c CVE-2021-42750 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:29.000000Z"} {"uuid": "b77435da-c121-48db-8f2a-5a073b7c36eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42750", "type": "seen", "source": "https://t.me/cibsecurity/48095", "content": "\u203c CVE-2021-42750 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:29.000000Z"} https://vulnerability.circl.lu/sighting/b77435da-c121-48db-8f2a-5a073b7c36eb/export Fri, 12 Aug 2022 20:33:29 +0000 e1d34474-2ad9-4eb6-8665-e803da796385 https://vulnerability.circl.lu/sighting/e1d34474-2ad9-4eb6-8665-e803da796385/export {"uuid": "e1d34474-2ad9-4eb6-8665-e803da796385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42751", "type": "seen", "source": "https://t.me/cibsecurity/48098", "content": "\u203c CVE-2021-42751 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:32.000000Z"} {"uuid": "e1d34474-2ad9-4eb6-8665-e803da796385", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42751", "type": "seen", "source": "https://t.me/cibsecurity/48098", "content": "\u203c CVE-2021-42751 \u203c\n\nA cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T20:33:32.000000Z"} https://vulnerability.circl.lu/sighting/e1d34474-2ad9-4eb6-8665-e803da796385/export Fri, 12 Aug 2022 20:33:32 +0000 93e7c7c9-3831-4005-9ce7-b83ee3d08b5e https://vulnerability.circl.lu/sighting/93e7c7c9-3831-4005-9ce7-b83ee3d08b5e/export {"uuid": "93e7c7c9-3831-4005-9ce7-b83ee3d08b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "seen", "source": "https://t.me/cibsecurity/55096", "content": "\u203c CVE-2021-4275 \u203c\n\nA vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T00:13:16.000000Z"} {"uuid": "93e7c7c9-3831-4005-9ce7-b83ee3d08b5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "seen", "source": "https://t.me/cibsecurity/55096", "content": "\u203c CVE-2021-4275 \u203c\n\nA vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T00:13:16.000000Z"} https://vulnerability.circl.lu/sighting/93e7c7c9-3831-4005-9ce7-b83ee3d08b5e/export Thu, 22 Dec 2022 00:13:16 +0000 9919d2f6-ca02-4f83-84e8-61ccab91ce3b https://vulnerability.circl.lu/sighting/9919d2f6-ca02-4f83-84e8-61ccab91ce3b/export {"uuid": "9919d2f6-ca02-4f83-84e8-61ccab91ce3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/cibsecurity/58360", "content": "\u203c CVE-2021-42756 \u203c\n\nMultiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:17:51.000000Z"} {"uuid": "9919d2f6-ca02-4f83-84e8-61ccab91ce3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/cibsecurity/58360", "content": "\u203c CVE-2021-42756 \u203c\n\nMultiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:17:51.000000Z"} https://vulnerability.circl.lu/sighting/9919d2f6-ca02-4f83-84e8-61ccab91ce3b/export Thu, 16 Feb 2023 22:17:51 +0000 1edadf5c-e36d-47b1-b133-1df35d308ffa https://vulnerability.circl.lu/sighting/1edadf5c-e36d-47b1-b133-1df35d308ffa/export {"uuid": "1edadf5c-e36d-47b1-b133-1df35d308ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/true_secator/4087", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 40 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0441\u0432\u043e\u0435\u0439 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u041f\u041e, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 FortiWeb, FortiOS, FortiNAC \u0438 FortiProxy.\n\n\u0414\u0432\u0430 \u0438\u0437 40 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 15 \u2014 \u043a\u0430\u043a \u0432\u044b\u0441\u043e\u043a\u0438\u0435, 22 \u2014 \u043a\u0430\u043a \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043e\u0434\u0438\u043d \u2014 \u043a\u0430\u043a \u043d\u0438\u0437\u043a\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 FortiNAC (CVE-2022-39952) \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 FortiNAC (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 9.4.0, \u0441 9.2.0 \u043f\u043e 9.2.5, \u0441 9.1.0 \u043f\u043e 9.1.7, 8.8, 8.7, 8.6, 8.5 \u0438 8.3), \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-39952\u00a0\u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v3 9,8 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f).\n\nFortiNAC \u2014 \u044d\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0435\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412\u043d\u0435\u0448\u043d\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u0444\u0430\u0439\u043b\u0430 \u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0443\u0442\u0438 [CWE-73] \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 FortiNAC \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 FortiNAC 7.2.0, 9.1.8, 9.1.8 \u0438 9.1.8.\n\n\u0412\u0442\u043e\u0440\u044b\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430 \u0432 \u043f\u0440\u043e\u043a\u0441\u0438-\u0434\u0435\u043c\u043e\u043d\u0435 FortiWeb (CVE-2021-42756 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,3), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e CVE, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443, \u043d\u043e \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c. CVE-2021-42756 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 FortiWeb (5.x, 6.0.7, 6.1.2, 6.2.6, 6.3.16 \u0438 6.4), \u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 \u0438 7.0.0.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c Fortinet, \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\nHorizon3 \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c PoC \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2023-02-20T09:47:48.000000Z"} {"uuid": "1edadf5c-e36d-47b1-b133-1df35d308ffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "https://t.me/true_secator/4087", "content": "Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f\u00a0\u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 40 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0441\u0432\u043e\u0435\u0439 \u043b\u0438\u043d\u0435\u0439\u043a\u0435 \u041f\u041e, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 FortiWeb, FortiOS, FortiNAC \u0438 FortiProxy.\n\n\u0414\u0432\u0430 \u0438\u0437 40 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u043e\u0446\u0435\u043d\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, 15 \u2014 \u043a\u0430\u043a \u0432\u044b\u0441\u043e\u043a\u0438\u0435, 22 \u2014 \u043a\u0430\u043a \u0441\u0440\u0435\u0434\u043d\u0438\u0435 \u0438 \u043e\u0434\u0438\u043d \u2014 \u043a\u0430\u043a \u043d\u0438\u0437\u043a\u0438\u0439.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f RCE-\u043e\u0448\u0438\u0431\u043a\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u0440\u0435\u0448\u0435\u043d\u0438\u0438 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438 FortiNAC (CVE-2022-39952) \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS: 9,8.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u043b\u0438\u044f\u044e\u0449\u0430\u044f \u043d\u0430 FortiNAC (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 9.4.0, \u0441 9.2.0 \u043f\u043e 9.2.5, \u0441 9.1.0 \u043f\u043e 9.1.7, 8.8, 8.7, 8.6, 8.5 \u0438 8.3), \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-39952\u00a0\u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v3 9,8 (\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f).\n\nFortiNAC \u2014 \u044d\u0442\u043e \u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0441\u0435\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u044f\u043c \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0441\u0435\u0442\u0438 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0442\u044c \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0432\u0430\u0442\u044c \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c \u0443\u0433\u0440\u043e\u0437\u044b.\n\n\u0412\u043d\u0435\u0448\u043d\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0438\u043c\u0435\u043d\u0435\u043c \u0444\u0430\u0439\u043b\u0430 \u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e \u043f\u0443\u0442\u0438 [CWE-73] \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435 FortiNAC \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 FortiNAC 7.2.0, 9.1.8, 9.1.8 \u0438 9.1.8.\n\n\u0412\u0442\u043e\u0440\u044b\u043c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u043c \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u043c \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0442\u0435\u043a\u0430 \u0432 \u043f\u0440\u043e\u043a\u0441\u0438-\u0434\u0435\u043c\u043e\u043d\u0435 FortiWeb (CVE-2021-42756 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS: 9,3), \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432.\n\n\u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e, \u0447\u0442\u043e CVE, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0435\u0449\u0435 \u0432 2021 \u0433\u043e\u0434\u0443, \u043d\u043e \u0434\u043e \u0441\u0438\u0445 \u043f\u043e\u0440 \u043d\u0435 \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u043b\u0430\u0441\u044c. CVE-2021-42756 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 FortiWeb (5.x, 6.0.7, 6.1.2, 6.2.6, 6.3.16 \u0438 6.4), \u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 \u0438 7.0.0.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c Fortinet, \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438.\n\nHorizon3 \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c PoC \u0434\u043b\u044f \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0435\u0435 \u0432\u0440\u0435\u043c\u044f, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u043a\u0440\u0430\u0439\u043d\u0435 \u0432\u0430\u0436\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0431\u044b\u0441\u0442\u0440\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u043b\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.", "creation_timestamp": "2023-02-20T09:47:48.000000Z"} https://vulnerability.circl.lu/sighting/1edadf5c-e36d-47b1-b133-1df35d308ffa/export Mon, 20 Feb 2023 09:47:48 +0000 12ae7730-1ddb-4f59-9a22-01bea859b795 https://vulnerability.circl.lu/sighting/12ae7730-1ddb-4f59-9a22-01bea859b795/export {"uuid": "12ae7730-1ddb-4f59-9a22-01bea859b795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10703", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-39952 (CVSS score 9.8) and CVE-2021-42756 are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.\n\nhttps://securityaffairs.com/142553/hacking/poc-exploit-code-fortinet-fortinac.html", "creation_timestamp": "2023-02-23T05:57:38.000000Z"} {"uuid": "12ae7730-1ddb-4f59-9a22-01bea859b795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10703", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2022-39952 (CVSS score 9.8) and CVE-2021-42756 are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.\n\nhttps://securityaffairs.com/142553/hacking/poc-exploit-code-fortinet-fortinac.html", "creation_timestamp": "2023-02-23T05:57:38.000000Z"} https://vulnerability.circl.lu/sighting/12ae7730-1ddb-4f59-9a22-01bea859b795/export Thu, 23 Feb 2023 05:57:38 +0000 86ae7f4a-731a-4243-83b4-6d4d094d3c0e https://vulnerability.circl.lu/sighting/86ae7f4a-731a-4243-83b4-6d4d094d3c0e/export {"uuid": "86ae7f4a-731a-4243-83b4-6d4d094d3c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4275\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\ud83d\udccf Published: 2022-12-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:28:23.169Z\n\ud83d\udd17 References:\n1. https://github.com/katlings/pyambic-pentameter/commit/974f21aa1b2527ef39c8afe1a5060548217deca8\n2. https://vuldb.com/?id.216498", "creation_timestamp": "2025-04-14T17:54:43.000000Z"} {"uuid": "86ae7f4a-731a-4243-83b4-6d4d094d3c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4275", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4275\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.\n\ud83d\udccf Published: 2022-12-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T17:28:23.169Z\n\ud83d\udd17 References:\n1. https://github.com/katlings/pyambic-pentameter/commit/974f21aa1b2527ef39c8afe1a5060548217deca8\n2. https://vuldb.com/?id.216498", "creation_timestamp": "2025-04-14T17:54:43.000000Z"} https://vulnerability.circl.lu/sighting/86ae7f4a-731a-4243-83b4-6d4d094d3c0e/export Mon, 14 Apr 2025 17:54:43 +0000 1dd04198-2f77-4633-9174-287dce73dde3 https://vulnerability.circl.lu/sighting/1dd04198-2f77-4633-9174-287dce73dde3/export {"uuid": "1dd04198-2f77-4633-9174-287dce73dde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:56.000000Z"} {"uuid": "1dd04198-2f77-4633-9174-287dce73dde3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-42756", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:56.000000Z"} https://vulnerability.circl.lu/sighting/1dd04198-2f77-4633-9174-287dce73dde3/export Sun, 31 Aug 2025 03:12:56 +0000