The problem is not limited to Fortinet or Palo Alto Networks software. Since the cause for the problem is a design flaw in the RADIUS protocol, this flaw affects most products using RADIUS for authentication or accounting.
PAN Security Advisory CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
Palo Alto Networks discovered a vulnerability (CVE-2024-3400) with a CVSSv4.0 base score of 10 that impacts PAN-OS version 10.2+ with GlobalProtect enabled. We strongly recommend that everyone review the advisory for remediation steps. Are you affected? This vulnerability does not apply to you if any one of the following applies:…
CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication
Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…
New Fortinet Vulnerabilities (March 2023)
Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products with severity levels from low to critical. We strongly recommend that you check the PSIRT advisories and update your Fortinet products to one of…
New FortiGate Vulnerability – CVE-2022-42475
Today Fortinet has published a new critical vulnerability in their FortiGate products. A successful attack allows arbitrary code or commands to be executed. The problem exists in the SSLVPN module – and you might be vulnerable if you are using SSLVPN and not running the latest patch release of the…
CVE-2022-40684 – Fortinet: Authentication bypass on administrative interface (HTTP/HTTPS) (English)
German Version: CVE-2022-40684 – Fortinet Authentication bypass on administrative interface (HTTP/HTTPS) (Deutsch) You have certainly (and hopefully) read the information on the published Fortigate administration access vulnerability and applied the appropriate patches. We have compiled all the information again here for your convenience.
CVE-2022-40684 – Fortinet: Authentication bypass on administrative interface (HTTP/HTTPS) (Deutsch)
English version: CVE-2022-40684 – Fortinet Authentication bypass on administrative interface (HTTP/HTTPS) (English) You have certainly (and hopefully) read the information about the published Fortigate vulnerability in administrative access and installed the appropriate patches. We have compiled all the information here again for your convenience.
WatchGuard Launches PSIRT Page
WatchGuard’s Product Security Incident Response Team (PSIRT) has launched their public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact WatchGuard products or services. The published…
Information on Log4j Vulnerability / CVE-2021-44228
Hi all, another vulnerability – log4j – is keeping us all on our toes. In this blog article you will find information about log4j from our vendors.
FragAttack: Security Flaws in all Wi-Fi devices
In the last few days, more and more articles about vulnerabilities in the Wi-Fi area have appeared. FragAttacks (fragmentation and aggregation attacks) are a collection of new security vulnerabilities that affect Wi-Fi devices from different vendors. heise.de: FragAttacks: Neue Angriffe gefährden nahezu alle WLAN-Geräte (German article) There is a…