Cisco iOS XE Vulnerability: CVE-2023-20198
Cisco has released an advisory, acknowledging active exploitation of a previously unknown vulnerability, which is tracked as CVE-2023-20198, in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level […]
Shielding Against the Most Recent Fortinet Vulnerability
During a red team assessment for a client, Charles Fol and Dany Bach from LEXFO, discovered a heap overflow bug in Fortigate’s SSL VPN that can be exploited to achieve remote code execution on Fortigate instances. This vulnerability is reachable without authentication, and can be used to execute arbitrary code on vulnerable systems, which could […]
Shielding Against CVE-2021-44228 IOCs
On December 9th, the CVE-2021-44228 Apache Log4j RCE was released publicly. Before the threats were made public, Centripetal CleanINTERNET shielded this threat proactively and saved our customers valuable time, reputation, and the risk of non-compliance by preventing any compromise associated with this vulnerability. Many organizations are likely to be impacted by this vulnerability without understanding […]