SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix (#)
SANS Internet Storm Center's Daily Network Security News Podcast · Johannes B. Ullrich
November 16, 20257m 11s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/ https://fortiguard.fortinet.com/psirt/FG-IR-25-910?ref=labs.watchtowr.com Flnger.exe and ClickFix Attackers started to use the finger.exe binary to retrieve additional payload in ClickFix attacks https://isc.sans.edu/diary/Finger.exe%20%26%20ClickFix/32492 keywords: clickfix; finger; fortiweb; finger.exe; fortinet