Rhino Security Labs

Strategic Blog

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

David Yesland
August 30, 2022

Forticlient is Fortinet’s basic VPN client which offers SSL VPN and IPSecVPN VPN connectivity. It also contains utility features which allow importing and exporting of VPN configurations and profiles…

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

CVE-2022-25372:
Local Privilege Escalation in Pritunl VPN Client

Working-As-Intended:
RCE to IAM Privilege Escalation in GCP Cloud Build

Spencer Gietzen

We have previously released a lot of research around Identity & Access Management (IAM) privilege escalation in AWS (last post here).¬† Very similar,¬†this blog will focus on a feature of Google Cloud Platform (GCP) that might allow for…