I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet.
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech NO ports? That is impressive.
The last DoS I found in a firewall needed port 80 to be open to something behind it since it was related to WAF stuff
-
Any idea on the root cause? Is it potentially an RCE?
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech Ah, the joys of "security" software.
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech Yep,
@jerry is right again... https://www.youtube.com/shorts/IlptuY-0qpA #ThoughtLeader #Cyber -
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech WinNuke 2026!
️ -
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech The ping of death is back!
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech without reading further, fortinet?
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech You should have waited till Friday. That's the Vulnerability Disclosure Day, isn't it?
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech reminds me of the 1990s (?) dirt-simple exploit whereby you could crash a Windows machine merely by sending it any OOB packet. Yes, I tried it and it worked. I later saw code for it in an exhibit of various exploits at Madrid's Reina Sofia art museum. Cool exhibit.
-
@malwaretech Yep,
@jerry is right again... https://www.youtube.com/shorts/IlptuY-0qpA #ThoughtLeader #Cyber@alister @malwaretech @jerry@infosec.exchange Recursive Firewalls, pro move.
-
I found a zero day in a security vendor's firewall software that allows you to remotely crash the entire system by sending it a single malicious packet. Since the firewall is responsible for inspecting traffic prior to the operating system handling it, no ports even need to be open for it to work.
@malwaretech I wonder how much more difficult it is now to report vulnerabilities now that everyone is using “AI” to generate so much crap. -
@malwaretech Yep,
@jerry is right again... https://www.youtube.com/shorts/IlptuY-0qpA #ThoughtLeader #Cyber@alister @malwaretech @jerry you need seven layers of firewall just like you need seven proxies duh.
-
@malwaretech The ping of death is back!
@malwaretech Oh, but before I go crazy here, does it manage to log the source of the packet before crashing?
-
R relay@relay.publicsquare.global shared this topic
