Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.
"A stack-based overflow vulnerability (CWE-121) in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera can allow a remote unauthenticated attacker to execute arbitrary code or commands using HTTP," the company noted in an advisory.
The company said it observed the flaw being exploited in the wild on FortiVoice systems, but did not disclose the scale of the attacks or the identity of the threat actors behind them.
It further stated that the threat actor performed network scans of the devices, erased system crash logs, and enabled FCGI debugging to log credentials from the system or login attempts.
The issue affects the following products and versions:
- FortiCamera 1.1, 2.0 (migrate to a fixed release)
- FortiCamera 2.1.x (upgrade to 2.1.4 or above)
- FortiMail 7.0.x (upgrade to 7.0.9 or above)
- FortiMail 7.2.x (upgrade to 7.2.8 or above)
- FortiMail 7.4.x (upgrade to 7.4.5 or above)
- FortiMail 7.6.x (upgrade to 7.6.3 or above)
- FortiNDR 1.1, 1.2, 1.3, 1.4, 1.5, 7.1 (migrate to a fixed release)
- FortiNDR 7.0.x (upgrade to 7.0.7 or above)
- FortiNDR 7.2.x (upgrade to 7.2.5 or above)
- FortiNDR 7.4.x (upgrade to 7.4.8 or above)
- FortiNDR 7.6.x (upgrade to 7.6.1 or above)
- FortiRecorder 6.4.x (upgrade to 6.4.6 or above)
- FortiRecorder 7.0.x (upgrade to 7.0.6 or above)
- FortiRecorder 7.2.x (upgrade to 7.2.4 or above)
- FortiVoice 6.4.x (upgrade to 6.4.11 or above)
- FortiVoice 7.0.x (upgrade to 7.0.7 or above)
- FortiVoice 7.2.x (upgrade to 7.2.1 or above)
Fortinet said the vulnerability was discovered by its product security team based on threat actor activity that originated from the IP addresses below:
- 198.105.127.124
- 43.228.217.173
- 43.228.217.82
- 156.236.76.90
- 218.187.69.244
- 218.187.69.59
Users of FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera are advised to apply the necessary fixes to protect their devices from active exploitation. If immediate patching is not an option, it is recommended to disable the HTTP/HTTPS administrative interface as a temporary workaround.
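For triaging an asset inventory against the affected-versions list above, the following is an added example, not code from Fortinet or from the original article. The hostnames, the inventory rows and the status labels are constructed for illustration; the version thresholds are transcribed from the list.

```python
import re

# Minimum fixed release per branch, transcribed from the list above.
# None = the list gives no fixed release on that branch (migrate instead).
FIXED = {
    "forticamera": {"1.1": None, "2.0": None, "2.1": "2.1.4"},
    "fortimail": {"7.0": "7.0.9", "7.2": "7.2.8", "7.4": "7.4.5", "7.6": "7.6.3"},
    "fortindr": {**dict.fromkeys(["1.1", "1.2", "1.3", "1.4", "1.5", "7.1"]),
                 "7.0": "7.0.7", "7.2": "7.2.5", "7.4": "7.4.8", "7.6": "7.6.1"},
    "fortirecorder": {"6.4": "6.4.6", "7.0": "7.0.6", "7.2": "7.2.4"},
    "fortivoice": {"6.4": "6.4.11", "7.0": "7.0.7", "7.2": "7.2.1"},
}

def parse_version(text):
    """Return the leading dotted number as ints, e.g. 'v7.0.10' -> (7, 0, 10)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(product, version):
    """Classify one device against the list (status labels are hypothetical)."""
    branches = FIXED.get(product.strip().lower())
    if branches is None:
        return "unknown-product"
    ver = parse_version(version)
    branch = f"{ver[0]}.{ver[1]}"
    if branch not in branches:
        return "branch-not-listed"  # not covered by the list; check the advisory
    fixed = branches[branch]
    if fixed is None:
        return "migrate"
    # Tuple comparison is numeric: (7, 0, 10) >= (7, 0, 9), unlike the strings.
    # A version with no patch level, e.g. "2.1", compares as below the fix.
    return "patched" if ver >= parse_version(fixed) else f"upgrade-to-{fixed}"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("pbx-01", "FortiVoice", "6.4.9"),
    ("mail-gw", "FortiMail", "7.0.10"),
    ("ndr-lab", "FortiNDR", "7.1.0"),
    ("cam-lobby", "FortiCamera", "2.1"),
]

def triage_inventory(rows=INVENTORY):
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in triage_inventory().items():
        print(f"{host}: {status}")
```

A `branch-not-listed` result only means the branch does not appear in the list above; it is not a statement that the device is unaffected.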