{"vulnerability": "cve-2023-25610", "sightings": [{"uuid": "e07e40ff-58d6-4f25-a6b9-2b31f47fab57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114218429215265349", "content": "", "creation_timestamp": "2025-03-24T16:48:41.057330Z"}, {"uuid": "c0809528-eda9-4050-9b72-733a0a77ed93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll56zwcygw2n", "content": "", "creation_timestamp": "2025-03-24T16:39:38.081191Z"}, {"uuid": "bfdd4a2a-fd82-471a-ae48-b0e5e9bcec33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114218404731887577", "content": "", "creation_timestamp": "2025-03-24T16:42:25.394208Z"}, {"uuid": "d2ccac33-0267-46d1-9230-75b8470103cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon5xfhz2f", "content": "", "creation_timestamp": "2025-03-26T21:02:10.422837Z"}, {"uuid": "62a44b80-c155-477c-b04f-5b475d69afd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://www.cert.at/de/warnungen/2023/3/kritische-sicherheitslucke-in-fortios-und-fortiproxy-updates-verfugbar", "content": "", "creation_timestamp": "2023-03-08T14:44:27.000000Z"}, {"uuid": "57233d6a-740f-4a76-957e-d1afd277f317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://bsky.app/profile/redteamnews.bsky.social/post/3ll5ecnvgaf2k", "content": "", "creation_timestamp": "2025-03-24T18:13:56.674513Z"}, {"uuid": "61d5ab47-6a51-457c-aa4e-a0b01ade5caa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/GithubRedTeam/4034", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-23397 powershell patch script for Windows 10 and 11 \nURL\uff1ahttps://github.com/PSIRT-REPO/CVE-2023-25610\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-25T08:56:12.000000Z"}, {"uuid": "a3a0102b-7721-4a33-91d6-29c55edce63f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3925", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aCVE-2023-25610 is an unauthenticated RCE which affects FortiOS and FortiProxy\nURL\uff1ahttps://github.com/uicres/CVE-2023-25610-PoC\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-11T12:08:23.000000Z"}, {"uuid": "c1115452-a224-47c0-b92e-27203cef003b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3956", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aMass RCE Exploiter for Fortinet(FortiOS/Fortiproxy) CVE-2023-25610\nURL\uff1ahttps://github.com/l1ced/CVE-2023-25610-mass\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-16T13:47:01.000000Z"}, {"uuid": "ac5a6810-f2b4-46ef-b33e-37468e057b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/kasraone_com/377", "content": "\u062a\u0648\u062c\u0647! \u0634\u0631\u06a9\u062a \u0641\u0648\u0631\u062a\u06cc\u0646\u062a \u067e\u0686\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0631\u0627\u06cc \u06f1\u06f5 \u0622\u0633\u06cc\u0628 \u062c\u062f\u06cc\u062f\u060c \u0627\u0632 \u062c\u0645\u0644\u0647 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u0642\u0627\u0628\u0644 \u062a\u0648\u062c\u0647 (CVE-2023-25610) \u06a9\u0647 \u0628\u0631 \u0631\u0648\u06cc \u0641\u0648\u0631\u062a\u200c\u0622\u06cc\u200c\u0627\u0633 \u0648 \u0641\u0648\u0631\u062a\u06cc\u200c\u067e\u0631\u0648\u06a9\u0633\u06cc \u062a\u0623\u062b\u06cc\u0631 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f \u0648 \u0645\u0645\u06a9\u0646 \u0627\u0633\u062a \u0628\u0647 \u062d\u0645\u0644\u0627\u062a \u06a9\u0646\u0646\u062f\u06af\u0627\u0646 \u0627\u062c\u0627\u0632\u0647 \u062f\u0647\u062f \u06a9\u0646\u062a\u0631\u0644 \u0633\u0627\u0645\u0627\u0646\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f.\n\n\u062c\u0632\u0626\u06cc\u0627\u062a:\n https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html", "creation_timestamp": "2023-07-15T21:05:40.000000Z"}, {"uuid": "d01aba17-f6e0-43d3-92d3-10b9fa6bd0e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/kasperskyb2b/511", "content": "\ud83d\udde3\u0414\u0430\u0439\u0434\u0436\u0435\u0441\u0442 \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0434\u0435\u043b\u0438:\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u044e\u0442 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c OneNote \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043d\u0430\u0433\u0440\u0443\u0437\u043e\u043a, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 Microsoft \u043f\u043b\u0430\u043d\u0438\u0440\u0443\u0435\u0442 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0443\u0441\u0438\u043b\u0435\u043d\u043d\u0443\u044e \u0437\u0430\u0449\u0438\u0442\u0443 \u043e\u0442 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 OneNote-\u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0432 \u043a\u043e\u043d\u0446\u0435 \u0430\u043f\u0440\u0435\u043b\u044f. \u0415\u0441\u043b\u0438 \u043d\u0435 \u0436\u0435\u043b\u0430\u0435\u0442\u0435 \u0436\u0434\u0430\u0442\u044c \u043c\u0438\u043b\u043e\u0441\u0442\u0435\u0439 \u043e\u0442 \u043f\u0440\u0438\u0440\u043e\u0434\u044b \u0420\u0435\u0434\u043c\u043e\u043d\u0434\u0430, \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u044f OneNote \u0446\u0435\u043b\u0438\u043a\u043e\u043c \u0438\u043b\u0438 \u043f\u043e \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u043c \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f\u043c \u043c\u043e\u0436\u043d\u043e \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0445 \u043f\u043e\u043b\u0438\u0442\u0438\u043a Microsoft 365.\n\n\u2705 Github \u0432\u0432\u043e\u0434\u0438\u0442 c \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0435\u0433\u043e \u0434\u043d\u044f \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u0443\u044e 2FA \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u044b\u0445 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432. \u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c \u0442\u0430\u043a\u0436\u0435, \u0447\u0442\u043e \u0441 1 \u043c\u0430\u0440\u0442\u0430 \u0434\u043b\u044f \u0432\u0441\u0435\u0445 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0441\u0435\u0440\u0432\u0438\u0441 \u043f\u043e \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0441\u043e\u0445\u0440\u0430\u043d\u0451\u043d\u043d\u044b\u0435 \u0441\u0435\u043a\u0440\u0435\u0442\u044b.\n\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Jenkins (CVE-2023-27898, 27899, 27905) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.  \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c Jenkins / Jenkins LTS, \u0430 \u0442\u0430\u043a\u0436\u0435 update-center2.\n\n\u0421\u0440\u043e\u0447\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f FortiOS \u0438 FortiProxy \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043e\u0448\u0438\u0431\u043a\u0438 buffer underflow, \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 FortiGate \u0438 FortiWiFi (CVE-2023-25610, CVSS 9.3).\n\n\u0421\u0442\u0430\u0440\u044b\u0435, \u0437\u0430\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 VMWare Cloud Foundation (CVE-2021-39144, CVSS 9.8) \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u0421\u0442\u043e\u0438\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u0447\u0442\u043e \u043f\u0430\u0442\u0447\u0438 \u0431\u044b\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u044b. \n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u0441\u0435\u0445 \u0432\u0435\u0440\u0441\u0438\u0439  Veeam Backup &amp; Replication \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0443\u0447\u0435\u0442\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438, \u043a\u0430\u043a \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u2014 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CVE-2023-27532, CVSS 7.5). \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043d\u043e\u0439 \u043c\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a TCP \u043f\u043e\u0440\u0442\u0443 9401 \u043d\u0430 backup-\u0441\u0435\u0440\u0432\u0435\u0440\u0435.\n\n\u27a1\ufe0f \u041a\u043e\u043c\u0430\u043d\u0434\u0430 Kaspersky ICS \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u0437\u043e\u0440 \u043b\u0430\u043d\u0434\u0448\u0430\u0444\u0442\u0430 \u0443\u0433\u0440\u043e\u0437 \u0434\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0439 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u2014 \u0432 \u0420\u0424 \u0447\u0430\u0449\u0435 \u0441\u0442\u0430\u043b\u0438 \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0430\u0442\u044c\u0441\u044f \u0430\u0442\u0430\u043a\u0430\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u0438\u0437 \u044d\u043d\u0435\u0440\u0433\u0435\u0442\u0438\u043a\u0438, \u0438\u043d\u0436\u0438\u043d\u0438\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u044f.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442", "creation_timestamp": "2023-03-13T09:03:22.000000Z"}, {"uuid": "ab7ad252-3a54-4dc5-ba6e-d6ee326bcc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/kasperskyb2b/508", "content": "\u26a1\ufe0f\u26a1\ufe0f\u26a1\ufe0f\u0421\u0440\u043e\u0447\u043d\u044b\u0439 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f FortiOS \u0438 FortiProxy\n\n\u0415\u0441\u043b\u0438 \u0432\u044b \u0435\u0449\u0451 \u043a\u0430\u043a\u0438\u043c-\u0442\u043e \u0447\u0443\u0434\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Fortinet, \u0441\u0440\u043e\u0447\u043d\u043e \u0438\u0437\u0443\u0447\u0438\u0442\u0435 \u0441\u0432\u0435\u0436\u0438\u0439 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0438 \u043f\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u0435 \u043f\u0430\u0442\u0447. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (underflow) \u0432 \u0430\u0434\u043c\u0438\u043d\u043a\u0435 (CVE-2023-25610, CVSS 9.3) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0442\u0438\u043f\u0430  \u00ab\u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438\u00bb, \u0430 \u0432 \u0440\u044f\u0434\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u2014 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 FortiGate \u0438 FortiWiFi.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0439 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435 (\u043f\u043e\u043a\u0430) \u043d\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u0430.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0430\u0442\u0447, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u043d\u0430 HTTP/HTTPS \u0438\u043b\u0438 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u043f\u0440\u0430\u0432\u0438\u043b\u0430, \u043f\u043e \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043a \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0443 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u044c\u0441\u044f \u043b\u0438\u0448\u044c \u0441 \u0438\u0437\u0431\u0440\u0430\u043d\u043d\u044b\u0445 IP.\n\n \u041f2\u0422  #\u043d\u043e\u0432\u043e\u0441\u0442\u0438", "creation_timestamp": "2023-03-09T08:10:47.000000Z"}, {"uuid": "817cc96d-f213-4b02-83d5-b6e7df6dc1e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/KomunitiSiber/35", "content": "New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access\nhttps://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html\n\nFortinet has released fixes to\u00a0address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems.\nThe issue, tracked as\u00a0CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams.\n\"A buffer underwrite ('buffer underflow') vulnerability in", "creation_timestamp": "2023-03-09T17:06:03.000000Z"}, {"uuid": "2ed372af-7c01-4f83-80cf-d6619e1b9b0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/cvedetector/20978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-25610 - Fortinet FortiOS and FortiProxy Buffer Underwrite Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2023-25610 \nPublished : March 24, 2025, 4:15 p.m. | 1\u00a0hour, 3\u00a0minutes ago \nDescription : A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T18:24:30.000000Z"}, {"uuid": "3d6e2bbb-d283-4321-adcb-bce291251621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/ctinow/97994", "content": "Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)\n\nhttps://ift.tt/9Z2h5jT", "creation_timestamp": "2023-03-09T13:01:44.000000Z"}, {"uuid": "0b1cb36a-dc93-4dea-91aa-2c083b1af272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/thehackernews/3128", "content": "\ud83d\udea8Attention! Fortinet has released security patches for 15 new flaws, including a critical vulnerability (CVE-2023-25610) affecting FortiOS and FortiProxy that could allow attackers to take control of affected systems.\n\nDetails: https://thehackernews.com/2023/03/new-critical-flaw-in-fortios-and.html", "creation_timestamp": "2023-03-09T06:27:21.000000Z"}, {"uuid": "bb97f764-992f-4694-b538-409a4be54034", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "Telegram/Z42dUL5SlpUKhzaB8z2JtVDGF4e8DZjU4NsnyrTR2CVbxw", "content": "", "creation_timestamp": "2023-06-27T08:09:48.000000Z"}, {"uuid": "57c4c76f-2ef7-41d4-87be-af7a91101d4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3088", "content": "Tools \ud83d\udd27 \ud83d\udd28 \ud83d\udd27  - HackersFactory\n\n\u200b\u200bCVE-2023-25610\n\nRCE vulnerability in FortiOS\n\nhttps://github.com/qi4L/CVE-2023-25610\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bCVE-2023-29343\n\nThis is PoC for arbitrary file write bug in Sysmon version 14.14\n\nhttps://github.com/Wh04m1001/CVE-2023-29343\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bBufferOverflowAttack\n\n\ud83d\udd10 Explores techniques to exploit and manipulate buffer overflow vulnerabilities in a program.\n\nhttps://github.com/minsooerickim/BufferOverflowAttack\n\n#infosec #pentesting #redteam\n\n\u200b\u200bScanners-Box\n\nA powerful and open-source toolkit for hackers and security automation.\n\nhttps://github.com/We5ter/Scanners-Box\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-20178\n\nThis is PoC for Arbitrary File Delete vulnerability in Cisco Secure Client (tested on 5.0.01242) and Cisco AnyConnect (tested on 4.10.06079).\n\nhttps://github.com/Wh04m1001/CVE-2023-20178\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bActive Directory Advanced Threat Hunting\n\nIdentify vulnerabilities before others do!\n\nhttps://github.com/tomwechsler/Active_Directory_Advanced_Threat_Hunting\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bbug-bounty-standards\n\nA list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.\n\nhttps://github.com/hakluke/bug-bounty-standards\n\n#cybersecurity #infosec #bugbounty\n\n\u200b\u200bWeb3Bugs\n\nDemystifying Exploitable Bugs in Smart Contracts.\n\nhttps://github.com/ZhangZhuoSJTU/Web3Bugs\n\n#cybersecurity #infosec\n\n\u200b\u200b\ud83d\udd11 Mantra\n\nA tool used to hunt down API key leaks in JS files and pages.\n\nhttps://github.com/MrEmpy/Mantra\n\n#infosec #pentesting #redteam\n\n\u200b\u200biOS Penetration Testing Cheat Sheet\n\nThis is more of a checklist for myself. May contain useful tips and tricks.\n\nhttps://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet\n\nhttps://t.me/dilagrafie\n\n#cybersecurity #infosec #pentesting", "creation_timestamp": "2023-06-20T05:09:47.000000Z"}, {"uuid": "1c95580c-a1f2-432a-944e-6a0de4b05915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "exploited", "source": "https://t.me/true_secator/4165", "content": "\u041d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0443\u0447\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u043a\u0440\u0443\u043f\u043d\u044b\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f 0-day \u0432 \u041f\u041e Fortinet FortiOS.\n\n\u041a\u0430\u043a \u0437\u0430\u044f\u0432\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u043f\u043e\u0442\u0435\u0440\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u041e\u0421, \u0430 \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430 \u043f\u0440\u0435\u0434\u043f\u043e\u043b\u0430\u0433\u0430\u0435\u0442, \u0447\u0442\u043e \u0437\u0430 \u0430\u0442\u0430\u043a\u0430\u043c\u0438 \u0441\u0442\u043e\u0438\u0442 \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u0439 \u0441\u0443\u0431\u044a\u0435\u043a\u0442, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0439 \u043f\u0440\u0435\u0438\u043c\u0443\u0449\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u043d\u0430 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0438\u043b\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0435 \u0441 \u043d\u0438\u043c\u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0438\u0434\u0435\u0442 \u0440\u0435\u0447\u044c \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2022-41328 \u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438 \u0432 FortiOS, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 CLI.\n\n\u042d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 FortiOS \u0441 6.0, 6.2, \u0441 6.4.0 \u043f\u043e 6.4.11, \u0441 7.0.0 \u043f\u043e 7.0.9 \u0438 \u0441 7.2.0 \u043f\u043e 7.2.3. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 6.4.12, 7.0.10 \u0438 7.2.4 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e.\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Fortinet \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f 15 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f CVE-2022-41328 \u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 CVE-2023-25610 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9,3), \u0432\u043b\u0438\u044f\u044e\u0449\u0443\u044e \u043d\u0430 FortiOS \u0438 FortiProxy.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 FortiGate, \u043f\u0440\u0438\u043d\u0430\u0434\u043b\u0435\u0436\u0430\u0449\u0438\u0445 \u043d\u0435\u043d\u0430\u0437\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0443, \u0443\u0436\u0435 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438 \u043e\u0442 \u0432\u043d\u0435\u0437\u0430\u043f\u043d\u043e\u0439 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u0441\u0431\u043e\u044f.\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430 \u043f\u043e\u043a\u0430\u0437\u0430\u043b, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0434\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u043e\u0431\u0440\u0430\u0437 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0432\u043a\u043b\u044e\u0447\u0438\u0432 \u0432 \u043d\u0435\u0433\u043e \u043d\u043e\u0432\u0443\u044e \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 (\u00ab/bin/fgfm\u00bb), \u0447\u0442\u043e\u0431\u044b \u043e\u043d\u0430 \u0432\u0441\u0435\u0433\u0434\u0430 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u043b\u0430\u0441\u044c \u0434\u043e \u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438.\n\n\u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0435 \u041f\u041e /bin/fgfm \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043e \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043d\u0442\u0430\u043a\u0442\u0430 \u0441 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0434\u043b\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0444\u0430\u0439\u043b\u043e\u0432, \u044d\u043a\u0441\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u043e \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0433\u043e \u0445\u043e\u0441\u0442\u0430 \u0438 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0446\u0435\u043d\u0442\u0440\u0443 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u041f\u0440\u0438\u0447\u0435\u043c, \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f, \u0432\u043d\u0435\u0441\u0435\u043d\u043d\u044b\u0435 \u0432 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0443, \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c, \u043d\u0435 \u0433\u043e\u0432\u043e\u0440\u044f \u0443\u0436\u0435 \u043e\u0431 \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u043f\u0440\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0435.\n\n\u0412 Fortinet \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0438 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0442 \u043d\u0430 \u0443\u0447\u0430\u0441\u0442\u0438\u0435 \u0410\u0420\u0422.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0441\u043b\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0433\u043b\u0443\u0431\u043e\u043a\u043e \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u0435\u0442\u0441\u044f \u0432 FortiOS \u0438 \u0431\u0430\u0437\u043e\u0432\u043e\u043c \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u0438, \u043e\u0431\u043b\u0430\u0434\u0430\u044f \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0434\u043b\u044f \u0440\u0435\u0432\u0435\u0440\u0441\u0430 \u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 FortiOS.", "creation_timestamp": "2023-03-14T12:25:07.000000Z"}, {"uuid": "77369e25-639c-48fd-a0b1-f418d7f16b59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "seen", "source": "https://t.me/true_secator/4143", "content": "Fortinet \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 RCE \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u043e\u043f\u0443\u0441\u0442\u043e\u0448\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a CVE-2023-25610 \u0438 \u0438\u043c\u0435\u0435\u0442 \u043e\u0446\u0435\u043d\u043a\u0443 CVSS v3 9,3.\n\n\u041e\u043d\u0430 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 FortiOS \u0438 FortiProxy \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u044b\u0432\u0430\u0442\u044c DoS \u0432 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430\u043f\u0440\u043e\u0441\u044b.\n\n\u0411\u0430\u0433\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 FortiOS (\u0432\u0435\u0440\u0441\u0438\u0438 \u0441 7.2.0 \u043f\u043e 7.2.3, \u0441 7.0.0 \u043f\u043e 7.0.9, \u0441 6.4.0 \u043f\u043e 6.4.11, \u0441 6.2.0 \u043f\u043e 6.2.12) FortiOS 6.0 (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438), FortiProxy (\u0432\u0435\u0440\u0441\u0438\u0438 \u0441 7.2.0 \u043f\u043e 7.2.2, \u0441 7.0.0 \u043f\u043e 7.0.8, \u043e\u0442 2.0.0 \u0434\u043e 2.0.11), FortiProxy 1.2 (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438) \u0438 FortiProxy 1.1 (\u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438).\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c Fortinet \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043f\u044f\u0442\u044c\u0434\u0435\u0441\u044f\u0442 \u043c\u043e\u0434\u0435\u043b\u0435\u0439 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432, \u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u0432 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u0435 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043d\u0435 \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b RCE, \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043b\u044f DoS, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u043e\u043d\u0438 \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0442 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 FortiOS.\n\n\u0412 \u043d\u043e\u0432\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 \u0434\u043b\u044f \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 CVE-2023-25610 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u0440\u0438\u0441\u0442\u0430\u043b\u044c\u043d\u043e \u0441\u043b\u0435\u0434\u044f\u0442 \u0437\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 Fortinet, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u0442\u0435\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f, \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, Fortinet \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0439 \u043f\u0443\u0442\u044c \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 HTTP/HTTPS \u0438\u043b\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043a \u043d\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u0418\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u0438 \u043f\u043e \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044e \u043e\u0431\u0445\u043e\u0434\u043d\u044b\u0445 \u043f\u0443\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0430\u043a\u0436\u0435 \u043e\u0445\u0432\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0441\u043b\u0443\u0447\u0430\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0440\u0442\u0430 \u043d\u0435 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0432 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u043e\u043a\u0430 \u0436\u0435 Fortinet \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0435\u0439 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.", "creation_timestamp": "2023-03-09T08:40:45.000000Z"}, {"uuid": "d330c2d1-7003-4053-91cd-bb08024100ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3710", "content": "\ud83d\udda5Dataleak:\n\n\ud83d\udd31DataLeak uprint_id : https://www.system32.ink/2023/06/DataLeak-uprint.id.html\n\n\ud83d\udd31Leak RaidForums  : https://www.system32.ink/2023/06/leak-raidforums-database-by-exposedvc.html\n\n\ud83d\udd31Leak Santander bank Mexico : https://www.system32.ink/2023/06/leak-santander-bank-mexico.html\n\n\ud83d\udd31Leak Tour Partner Group (tourpartnergroup.com) : https://www.system32.ink/2023/06/leak-tour-partner-group.html\n\n\ud83d\udda5Exploits:\n\n\ud83d\udd31MiniDLNA &lt;=1.3.2 (CVE-2023-33476) Exploits : https://www.system32.ink/2023/06/minidlna-132-cve-2023-33476-exploits.html\n\n\ud83d\udd31CVE-2023-20178 PoC for Arbitrary File Delete vulnerability in Cisco Secure Client : https://www.system32.ink/2023/06/cve-2023-20178-poc-for-arbitrary-file.html\n\n\ud83d\udd31CVE-2023-25610  RCE vulnerability in FortiOS : https://www.system32.ink/2023/06/cve-2023-25610-rce-vulnerability-in.html\n\n\ud83d\udd31CVE-2023-30777 Exploit Reflected XSS vulnerability in the Advanced Custom Fields WordPress plugin : https://www.system32.ink/2023/06/cve-2023-30777-exploit-reflected-xss.html\n\n\ud83d\udda5Rat:\n\n\ud83d\udd31GCR-Google-Calendar-RAT : https://www.system32.ink/2023/06/gcr-google-calendar-rat.html\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31Mantra - A tool used to hunt down API key leaks in JS files and pages : https://www.system32.ink/2023/06/mantra-tool-used-to-hunt-down-api-key.html\n\n\ud83d\udd31IIS Short Name Scanner - 2012-2023 : https://www.system32.ink/2023/06/iis-short-name-scanner-2012-2023.html\n\n@crackcodes | crackcodes.in | system32.ink", "creation_timestamp": "2023-06-21T14:59:33.000000Z"}, {"uuid": "bfb756f0-541a-4e31-bdff-f341a2c11872", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25610", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8508", "content": "#exploit\n1. CVE-2023-25610:\nRCE vulnerability in FortiOS\nhttps://github.com/qi4L/CVE-2023-25610\n\n2. CVE-2023-30777:\nXSS in the Advanced Custom Fields WordPress plugin\nhttps://github.com/Alucard0x1/CVE-2023-30777\n\n3. CVE-2023-24078:\nRCE in FuguHub/BarracudaDrive\nhttps://github.com/rio128128/CVE-2023-24078", "creation_timestamp": "2023-06-18T12:50:26.000000Z"}]}