关联漏洞
标题:
Fortinet多款产品 安全漏洞
(CVE-2025-32756)
描述:Fortinet FortiRecorder等都是美国飞塔(Fortinet)公司的产品。Fortinet FortiRecorder是一套基于Web的网络视频录像机管理系统。Fortinet FortiMail是一套电子邮件安全网关产品。Fortinet FortiVoice是一个统一通信和协作即服务。 Fortinet多款产品存在安全漏洞,该漏洞源于栈缓冲区溢出,可能导致执行任意代码。以下产品及版本受到影响:Fortinet FortiVoice 7.2.0版本、7.0.0至7.0.6版本、6.4.0
描述
Proof of Concept for CVE-2025-32756 - A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products.
介绍
# CVE-2025-32756: Fortinet RCE PoC
A proof-of-concept for the critical stack-based buffer overflow vulnerability (CVE-2025-32756) affecting Fortinet products.
## Vulnerability
- **CVSS**: 9.8 (Critical)
- **Type**: Stack-based buffer overflow in AuthHash cookie processing
- **Impact**: Unauthenticated remote code execution
- **Affected Products**: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera
The vulnerability exists in the processing of the `enc` parameter in the `/remote/hostcheck_validate` endpoint, where improper bounds checking allows buffer overflow.
## Usage
### Exploit a single target
```
python3 fortinet_cve_2025_32756_poc.py exploit target_ip [-p port] [-d]
```
### Scan for vulnerable devices
#### Scan a single IP
```
python3 fortinet_cve_2025_32756_poc.py scan -f 192.168.1.1 [-p port] [-t threads] [-o output.csv] [-d]
```
#### Scan multiple IPs from a file
```
python3 fortinet_cve_2025_32756_poc.py scan -u targets.txt [-p port] [-t threads] [-o output.csv] [-d]
```
#### Scan an IP range
```
python3 fortinet_cve_2025_32756_poc.py scan --range 192.168.1.0/24 [-p port] [-t threads] [-o output.csv] [-d]
```
### Arguments:
- `-f, --ip`: Single IP to scan
- `-u, --file`: File containing list of IPs to scan (one per line)
- `--range`: IP range to scan in CIDR notation (e.g., 192.168.1.0/24)
- `-p, --port`: Target port (default: 443)
- `-t, --threads`: Number of threads for scanning (default: 10)
- `-o, --output`: Output file to save results (CSV format)
- `-d, --debug`: Enable debug output
## Mitigation
Update to patched versions:
- FortiVoice: 7.2.1+, 7.0.7+, 6.4.11+
- FortiMail: 7.6.3+, 7.4.5+, 7.2.8+, 7.0.9+
- FortiNDR: 7.6.1+, 7.4.8+, 7.2.5+, 7.0.7+
- FortiRecorder: 7.2.4+, 7.0.6+, 6.4.6+
- FortiCamera: 2.1.4+
## IMPORTANT SECURITY NOTICE
This Proof-of-Concept (PoC) is designed for educational and security research purposes **only**. Please note the following:
- THIS POC DOES NOT PERFORM ACTUAL CODE EXECUTION.
- This PoC demonstrates the vulnerability by:
- Detecting vulnerable Fortinet devices.
- Triggering the buffer overflow condition.
- Modifying a single byte in memory to prove successful exploitation.
- It DOES NOT:
- Execute arbitrary code.
- Provide shell access.
- Install backdoors or persistence mechanisms.
- Perform any destructive actions.
文件快照
[4.0K] /data/pocs/5708166d50cf2f457cf0eabfc574297bb2534def
├── [ 17K] fortinet_cve_2025_32756_poc.py
├── [2.3K] README.md
└── [ 36] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。