Trying to get vuln details from a vendor despite it being labeled as exploited in the wild
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:53 JST cR0w :cascadia:
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:52 JST screaminggoat
@cR0w we could be talking about a different eitw. Fortinet tomorrow kthx
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:52 JST cR0w :cascadia:
@screaminggoat Is this a random guess or...
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:52 JST screaminggoat
@cR0w all else fails I could just point at a random toot https://cyberplace.social/@GossiTheDog/113687025051706838
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 09-Jan-2025 05:38:52 JST Kevin Beaumont
@screaminggoat @cR0w the Fortinet one will be this URL, if they ever bother to post it https://www.fortiguard.com/psirt/FG-IR-24-266
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:53 JST screaminggoat
@cR0w CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
It's pretty self explanatory ¯\_(ツ)_/¯
cR0w :cascadia: (cr0w@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:38:53 JST cR0w :cascadia:
@screaminggoat Oh yeah, I already have that one. I saw another post about this issue and then happened across this gif for a different chat so I threw it up here because it felt relatable. Thanks though.