On January 15, Fortinet published a new PSIRT information regarding a newly discovered authentication bypass on FortiGate and FortiProxy when the administrative interface is publicly accessible. Update January 16: FortiOS 7.0.17 which contains a bug fix, has been released. Update January 17: Release notes have been published for FortiOS 7.0.17….
… or accessed from any unauthorized party. In some cases it’s not even necessary to hack a system to gain access to it. For example it may be enough to leak a configuration file to allow unauthorized system access. Fortunately, many cases of a suspected hack turn out to be…
Palo Alto Networks discovered a vulnerability (CVE-2024-3400) with a CVSSv4.0 base score of 10 that impacts PAN-OS version 10.2+ with GlobalProtect enabled. We strongly recommend all to review the advisory for remediation steps. Are you affected? This vulnerability does not apply to you if any one of the following apply:…
Maybe you have already noticed (or maybe you have been informed by our Fortinet Firmware Update mailing list) that Fortinet has released of some new FortiOS patches on Feb. 7, 2024. To be more precise – all Fortinet minor and major versions that are running on Fortigate models that are…
Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…
Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products with severity level from low up to critical. We strongly recommend that you checkt the PSIRT advisories and update your Fortinet products to one of…
Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…
The still-active Zero-Day Exploit threatens the frequently vulnerable JavaScript Engine Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380. The remote code execution vulnerability allows an attacker to take advantage of how…
Sind Sie interessiert, den BOLL Blog als RSS Feed zu abonnieren?