"user with administrative privilege in the web management interface, which allows an attacker to log in and take full control of a target appliance. We tested the PoC against several different versions of FortiWeb and confirmed that the exploit works against older versions, but no…"
T1190 Exploit Public-Facing Application (95%)
"Fortinet FortiWeb Authentication Bypass – CVE-2025-64446. TL;DR: Bishop Fox researchers discovered an authentication bypass in FortiWeb that lets attackers add their own admin accounts, take over the device, and erase evidence. Fortinet fixed the issue with a configuration …"
T1190 Exploit Public-Facing Application (62%)
"conf as the sole mitigation. It is worth noting that a new log message was added to httpsd in version 8.0.2 that indicates when an IP address lockout occurs due to a specific number of failed REST API login attempts (log type 10000017). Evaluating Impact: To test if a particul…"
Summary
Bishop Fox researchers discovered an authentication bypass in FortiWeb that lets attackers add their own admin accounts, take over the device, and erase evidence. Organizations can quickly check if they’re exposed using a new Bishop Fox scanner and should remove public access and update immediately.