PAN Security Advisory CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

Palo Alto Networks discovered a vulnerability (CVE-2024-3400) with a CVSSv4.0 base score of 10 that impacts PAN-OS version 10.2+ with GlobalProtect enabled. We strongly recommend all to review the advisory for remediation steps. Are you affected? This vulnerability does not apply to you if any one of the following apply:…

Loading

read more

New FortiOS firmware patches released

Maybe you have already noticed (or maybe you have been informed by our Fortinet Firmware Update mailing list) that Fortinet has released of some new FortiOS patches on Feb. 7, 2024. To be more precise – all Fortinet minor and major versions that are running on Fortigate models that are…

Loading

read more

CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication

Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…

Loading

read more

New Fortinet Vulnerabilities (March 2023)

Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products with severity level from low up to critical. We strongly recommend that you checkt the PSIRT advisories and update your Fortinet products to one of…

Loading

read more

FortiGate SSLVPN Update-Empfehlung

Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…

Loading

read more

Menlo Security Prevents Zero-Day Threat on Internet Explorer

The still-active Zero-Day Exploit threatens the frequently vulnerable JavaScript Engine Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380. The remote code execution vulnerability allows an attacker to take advantage of how…

read more