Citrix, Fortinet Patch High-Severity Vulnerabilities

November 13, 2024 at 07:21AM Citrix and Fortinet have issued patches addressing multiple vulnerabilities, including high-severity issues in their NetScaler and FortiOS products.

**Meeting Takeaways:**

1. **Patch Releases**: Citrix and Fortinet have issued patches addressing multiple vulnerabilities.
2. **Severity of Vulnerabilities**: The patches include fixes for high-severity vulnerabilities specifically in NetScaler and FortiOS.
3. **Source …**

CISA says critical Fortinet RCE flaw now exploited in attacks

October 9, 2024 at 06:11PM CISA announced that attackers are exploiting a critical FortiOS remote code execution vulnerability (CVE-2024-23113), allowing unauthenticated access to unpatched devices. U.S. federal agencies must secure their FortiOS devices within three weeks. Fortinet recommends removing access to the vulnerable fgfmd daemon as a mitigation measure.

### Meeting Takeaways:

1. **Critical Vulnerability …**

Fortinet Patches Code Execution Vulnerability in FortiOS

June 12, 2024 at 12:45PM Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation. Based on …

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

April 10, 2024 at 08:30AM Fortinet announced patches for critical vulnerabilities in FortiOS and other products, including a code injection bug in FortiClientLinux (CVE-2023-45590). Several high-severity vulnerabilities were also addressed in FortiOS, FortiProxy, FortiClientMac, and FortiSandbox. Users are advised to update their Fortinet appliances promptly to prevent potential cyber threats. CISA warns of the vulnerabilities' …

Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

March 11, 2024 at 10:03AM Fortinet recently patched a critical vulnerability in FortiOS, warning of potential exploitation. Tracked as CVE-2024-21762, the flaw can result in out-of-bounds write issues, allowing remote attackers to execute arbitrary code. While CISA added it to the Known Exploited Vulnerabilities Catalog, there are no reports of mass attacks or confirmed exploitation. …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks …

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

February 8, 2024 at 06:14PM Fortinet warns of a critical remote code execution vulnerability (CVE-2024-21762/FG-IR-24-015) in FortiOS SSL VPN, with a 9.6 severity rating. Unpatched versions are affected, and Fortinet has provided recommended upgrades. Those unable to patch can mitigate by disabling SSL VPN. Exploitation by threat actors is considered likely. Urgent device updates are advised due to the high severity and possible …