WatchGuard published a new security vulnerability on December 18, 2025, which you absolutely must be aware of:

Fortinet published information about a new vulnerability in FortiWeb. Affected devices must have specific firmware patches and management interfaces accessible via the WAN. Patches already exist to fix the issue.

On January 15, Fortinet published new PSIRT information regarding a newly discovered authentication bypass on FortiGate and FortiProxy when the administrative interface is publicly accessible. Update January 16: FortiOS 7.0.17, which contains a bug fix, has been released. Update January 17: Release notes have been published for FortiOS 7.0.17….

The problem is not limited to Fortinet or Palo Alto Networks software. Since the cause of the problem is a design flaw in the RADIUS protocol, this flaw affects most products using RADIUS for authentication or accounting.

Palo Alto Networks discovered a vulnerability (CVE-2024-3400) with a CVSSv4.0 base score of 10 that impacts PAN-OS version 10.2+ with GlobalProtect enabled. We strongly recommend that everyone review the advisory for remediation steps. Are you affected? This vulnerability does not apply to you if any one of the following applies:…

Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…

Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products, with severity levels from low up to critical. We strongly recommend that you check the PSIRT advisories and update your Fortinet products to one of…

Today Fortinet has published a new critical vulnerability in their FortiGate products. A successful attack allows arbitrary code or commands to be executed. The problem exists in the SSLVPN module – and you might be vulnerable if you are using SSLVPN and not running the latest patch release of the…

German Version: CVE-2022-40684 – Fortinet Authentication bypass on administrative interface (HTTP/HTTPS) (Deutsch) You have certainly (and hopefully) read the information on the published Fortigate administration access vulnerability and applied the appropriate patches. We have compiled all the information again here for your convenience.

English version: CVE-2022-40684 – Fortinet Authentication bypass on administrative interface (HTTP/HTTPS) (English) You have certainly (and hopefully) read the information on the published Fortigate administration access vulnerability and installed the appropriate patches. We have compiled all the information here again for you.