> The flaw is reported to affect the "start VNC" feature — an attacker can inject shell metacharacters via JSON payloads in HTTP requests to this endpoint. No authentication is required, no user interaction is needed, and attack complexity is low.
I reassure myself that close to 100% of fortigate costumes have the control plane locked down.
I have come to believe that not a single embedded web server is without critical vulns, after deploying maybe a million patches to HP boxen for the iLO mgmt interface
I that it's largely only software companies that have a red team mindset, and only a minority of them. Everyone else is patching when upstream patches and job done.
> The flaw is reported to affect the "start VNC" feature — an attacker can inject shell metacharacters via JSON payloads in HTTP requests to this endpoint. No authentication is required, no user interaction is needed, and attack complexity is low.
I reassure myself that close to 100% of fortigate costumes have the control plane locked down.
I have come to believe that not a single embedded web server is without critical vulns, after deploying maybe a million patches to HP boxen for the iLO mgmt interface
I that it's largely only software companies that have a red team mindset, and only a minority of them. Everyone else is patching when upstream patches and job done.