Another appliance vuln down...
CVE-2022-40684, affecting multiple #Fortinet solutions, is an auth bypass that allows remote attackers to interact with all management API endpoints.
Blog post and POC coming later this week. Patch now.
Horizon3 Attack Team
@Horizon3ai Attack Team | Security Research | Exploit Dev | TTPs
Joined December 2021
- The new F5 RCE vulnerability, CVE-2022-1388, is trivial to exploit. We spent some time chasing unrelated diffs within the newest version, but @jameshorseman2 ultimately got first blood. We'll release a POC next week to give more time for orgs to patch. #f5 #CyberSecurity
- CVE-2022-39952, announced today, allows for unauthenticated RCE against #Fortinet FortiNAC as the root user. Blog post and POC to be released soon. See Fortinet's PSIRT: fortiguard.com/psirt/FG-IR-22…
- Here is our technical deep dive for the #Fortinet CVE-2022-40684 Auth Bypass. POC within. This year has been filled with interesting HTTP header abuse! horizon3.ai/fortios-fortip…
- Check out a recent finding by one of our own, Naveen Sunkavally. CVE-2022-28219 is an unauth RCE for ManageEngine ADAudit Plus. This XXE -> Deserialization chain often leads to host compromise as well as priv'd AD creds. Check out the blog post and POC: horizon3.ai/red-team-blog-…
- Our technical deep-dive for the recent #Fortinet FortiNAC CVE-2022-39952 🔺 POC Exploit for RCE 🔺 Reversing the Patch 🔺 Indicators of Compromise horizon3.ai/fortinet-forti…
- Exploitation of multiple vulnerabilities affecting #VMware vRealize Log Insight leads to unauth RCE 🔺 CVE-2022-31704, CVE-2022-31706, CVE-2022-31711 🔺 IOC Blog tomorrow 🔺 POC / Deep-Dive Blog next week See VMware Security Advisory: vmware.com/security/advis…
- With reports of #Fortinet CVE-2022-40684 being exploited in the wild, we have detailed some early Indicators of Compromise in the following blog to help organizations assess their environments. horizon3.ai/fortinet-iocs-…
- Our technical analysis and POC for CVE-2022-22972 Authentication Bypass for #VMware Workspace ONE, vIDM, and vRealize Automation 7.6. horizon3.ai/vmware-authent… We've again passed our POC to @GreyNoiseIO to build early detections. #CyberSecurity
- And finally, a technical analysis on how @JamesHorseman2 and @hacks_zach reversed the patch and developed the POC for CVE-2022-1388: horizon3.ai/f5-icontrol-re… #f5 #CyberSecurity
- CVE-2025-5777, aka #CitrixBleed 2, allows leaking of memory in the response which can allow for compromising session tokens, and other sensitive information. A deep-dive to follow next week.
- The team is back at it successfully reproducing CVE-2022-22972 affecting multiple #VMware products such as Workspace ONE. Technical writeup and POC soon to follow. Recommend to patch or mitigate immediately. #CyberSecurity
- 🔍 New POC Available! We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE. This authentication-bypass allows an attacker to create new users with privilege level 15. Check out the details in horizon3.ai/cisco-ios-xe-c…








