Threat Signal
The Threat Signal created by the FortiGuard Labs is intended to provide you with insight on emerging issues that are trending within the cyber threat landscape. The Threat Signal will provide concise technical details about the issue, mitigation recommendations and a perspective from the FortiGuard Labs team in an FAQ style format.
Whether it’s significant vulnerability disclosures including high profile zero days, coordinated announcements with Cyber Threat Alliance partners, malware of significance, or any threat making the news cycle, FortiGuard Threat Signals are there for you.
ID
Name
Description
Updated Date
Threat Level
72
F5 BIG-IP Configuration Utility Authentication Bypass (CVE-2023-46747)
The vulnerability allows an unauthenticated attacker to exploit an authentication bypass vulnerability in...
Nov 09, 2023
HIGH
Threat Level
71
Atlassian Confluence Unauthorized Admin Account (CVE-2023-22515)
The vulnerability attack is targeting an authentication bypass flaw in Atlassian Confluence Server and...
Nov 08, 2023
HIGH
Threat Level
70
Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604)
Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by...
Nov 06, 2023
HIGH
Threat Level
69
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability (CVE-2023-4966)
According to the blog published by Citrix, CVE-2023-4966 is a buffer overflow vulnerability that can...
Nov 01, 2023
HIGH
Threat Level
68
Cisco IOS XE Web UI Privilege Escalation Vulnerability (CVE-2023-20198)
FortiGuard Labs released a new IPS signature "Cisco.IOS.XE.Web.UI.Backdoor" in version 25.661. For a full...
Oct 19, 2023
HIGH
Threat Level
67
HTTP/2 Rapid Reset Attack (CVE-2023-44487)
What isHTTP/2? HTTP/2 is a network protocol used by the World Wide Web that reduces latency by allowing...
Oct 11, 2023
HIGH
Threat Level
66
Progress Software WS_FTP Server Insecure Deserialization Vulnerability (CVE-2023-40044)
What is Progress Software WS_FTP? WS_FTP is a secure file transfer client and server software package from...
Oct 03, 2023
HIGH
Threat Level
65
Heap Buffer Overflow vulnerability in libwep (CVE-2023-5129)
What is libwebp? Libwebp is an open-source library developed by Google for encoding and decoding images in...
Sep 27, 2023
HIGH
Threat Level
64
WinRAR ZIP Arbitrary Code Execution Vulnerability (CVE-2023-38831)
What is WinRAR? WinRAR is a popular utility tool for file compression/decompression and archive...
Aug 24, 2023
HIGH
Threat Level
63
Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities (CVE-2023-26359, CVE-2023-26360)
What is Adobe ColdFusion? Adobe ColdFusion is a commercial rapid web-application and mobile applications...
Aug 21, 2023
HIGH
Threat Level
62
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability (CVE-2023-24489)
What is Citrix Content Collaboration? Citrix Content Collaboration is a security-focused collaboration,...
Aug 18, 2023
HIGH
Threat Level
58
Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)
What is Citrix NetScaler ADC and NetScaler Gateway? Citrix NetScaler ADC, previously known as Citrix ADC,...
Aug 01, 2023
HIGH
Threat Level
57
JumpCloud Supply-Chain Attack
What is JumpCloud? JumpCloud is a U.S. based IT service provider that offers central access control and...
Jul 20, 2023
HIGH
Threat Level
56
Active Exploitation of WooCommerce Payments Improper Authentication Vulnerability (CVE-2023-28121)
What is WooCommerce Payments? WooCommerce Payments is a popular e-commerce payment plugin for WordPress...
Jul 18, 2023
HIGH
Threat Level
55
Rockwell Automation ControlLogix Communication Modules Vulnerabilities (CVE-2023-3595 and CVE-2023-3596)
What is Rockwell Automation ControlLogix Communications Modules? Rockwell Automation ControlLogix...
Jul 14, 2023
HIGH
Threat Level