We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting FortiGate devices running FortiOS and FortiProxy. The stack-based overflow vulnerability may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy...
Advisory: Office and Windows HTML Remote Code Execution vulnerability – CVE-2023-36884
Update 9 Aug 2023: Microsoft have released a patch to fix this vulnerability. You can find more information on this here. We’re aware of a Remote Code Execution (RCE) vulnerability that is affecting Windows and Microsoft Office products. For an attacker to exploit...
Advisory: Fortinet SSL VPN vulnerability – CVE 2023-27997
We’re aware of a critical Remove Code Execution (RCE) vulnerability affecting Fortinet’s SSL VPN functionality. This vulnerability can be exploited without credentials and affects all SSL VPN appliances, even if multi-factor authentication is enabled. Due to the...
Advisory: Ruckus wireless admin remote code execution vulnerability CVE-2023-25717
We’re aware of the new DDoS botnet, AndoryuBot, targeting Ruckus wireless admin panels. We have done a review of N4L-managed Ruckus products and can confirm all products are running unaffected versions. Mitigation If you own Ruckus products that are not managed by us,...
Advisory: cPanel admin console vulnerability CVE-2023-29489
We're aware of a cPanel admin console vulnerability with a severity rating of medium. cPanel is a common website and server management software. Exploitation of this vulnerability could allow a malicious actor to perform remote code execution against any user who...
Advisory: Critical vulnerability affecting PaperCut MF/NG
We’re aware of a critical Remote Code Execution (RCE) vulnerability affecting PaperCut MF or NG. This vulnerability is currently exploited in the wild. The affected PaperCut products are: PaperCut MF or NG version 8.0 or later, on all OS platforms PaperCut MF or NG...
Advisory: Security issue with 3CX desktop application
3CX, a company that supplies telephony solutions, has been affected by a supply chain attack affecting software downloaded from their website. This attack can affect users running the 3CX desktop clients for MacOS and Windows. The recommended action is to remove these...
Advisory: Microsoft Outlook critical vulnerability CVE-2023-23397
We’re aware of a critical Microsoft Outlook privilege escalation vulnerability that is being actively exploited. This vulnerability can be exploited by sending a specifically crafted email which triggers automatically when it is retrieved and processed by the...
Advisory: Critical buffer underflow vulnerability in FortiOS impacting administrative interface CVE-2023-25610
We’re aware of a critical buffer underflow vulnerability CVE-2023-25610 affecting FortiOS’ administrative interface. This vulnerability could allow a malicious actor to remotely execute arbitrary code on the device. It may also allow an unauthenticated actor to...