Rhino Security Labs

Strategic Blog

Technical Strategic Technical & Strategic Both
Research

CVE-2022-26113: FortiClient Arbitrary File Write As SYSTEM

David Yesland
August 30, 2022

Forticlient is Fortinet’s basic VPN client which offers SSL VPN and IPSecVPN VPN connectivity. It also contains utility features which allow importing and exporting of VPN configurations and profiles…

Read more
Application Security

CVE-2022-25237: Bonitasoft Authorization Bypass and RCE

Penetration Testing

CVE-2022-25372:
Local Privilege Escalation in Pritunl VPN Client

Technical Strategic Technical & Strategic Both
Categories
Clear Selection
Application Security
AWS
Azure
Buyer's Guide
Cloud Security
Compliance
Enterprise Security
GCP
Mobile Security
Network Security
News
Penetration Testing
Research
Social Engineering
Tool Development
GCP

Working-As-Intended:
RCE to IAM Privilege Escalation in GCP Cloud Build

Spencer Gietzen

We have previously released a lot of research around Identity & Access Management (IAM) privilege escalation in AWS (last post here).  Very similar, this blog will focus on a feature of Google Cloud Platform (GCP) that might allow for…

Read more