SEPPMail has published a software update to fix a critical vulnerability in the large file transfer module.
SEPPMail On-Premises: Act Now!
Multiple Fortinet Products: FortiCloud SSO Login Authentication Bypass / CVSS:9.4
Last Update: 06.02.2026: Added Analysis Report Link Update 23.1.2026: Recently, a small number of customers reported unexpected login activity occurring on their devices, which appeared very similar to the previous issue. However, Fortinet has identified a number of cases where the exploit was to a device that had been fully…
FortiWeb: Path confusion vulnerability in GUI / CVSS:9.1
Fortinet published information about a new vulnerability in FortiWeb. Affected devices must have specific firmware patches and management interfaces accessible via the WAN. Patched already exist to fix the issue.
Fortinet CVE-2024-55591 – Authentication bypass in Node.js websocket module
On January 15, Fortinet published a new PSIRT information regarding a newly discovered authentication bypass on FortiGate and FortiProxy when the administrative interface is publicly accessible. Update January 16: FortiOS 7.0.17 which contains a bug fix, has been released. Update January 17: Release notes have been published for FortiOS 7.0.17….
Remediation Steps if your FortiGate got Hacked or Attacked
Last Update: 06.02.2026 … or accessed from any unauthorized party. In some cases it’s not even necessary to hack a system to gain access to it. For example it may be enough to leak a configuration file to allow unauthorized system access. Fortunately, many cases of a suspected hack turn…
PAN Security Advisory CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect
Palo Alto Networks discovered a vulnerability (CVE-2024-3400) with a CVSSv4.0 base score of 10 that impacts PAN-OS version 10.2+ with GlobalProtect enabled. We strongly recommend all to review the advisory for remediation steps. Are you affected? This vulnerability does not apply to you if any one of the following apply:…
New FortiOS firmware patches released
Maybe you have already noticed (or maybe you have been informed by our Fortinet Firmware Update mailing list) that Fortinet has released of some new FortiOS patches on Feb. 7, 2024. To be more precise – all Fortinet minor and major versions that are running on Fortigate models that are…
CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication
Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…
New Fortinet Vulnerabilities (March 2023)
Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products with severity level from low up to critical. We strongly recommend that you checkt the PSIRT advisories and update your Fortinet products to one of…
FortiGate SSLVPN Update-Empfehlung
Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…
