CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication

Author: mp Category: Fortinet

Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…

Loading

read more

New Fortinet Vulnerabilities (March 2023)

Author: sy Category: Fortinet

Most of you have already read about the latest release of Fortinet’s new PSIRT advisories. There are 15 new vulnerabilities for FortiOS and other products with severity level from low up to critical. We strongly recommend that you checkt the PSIRT advisories and update your Fortinet products to one of…

Loading

read more

FortiGate SSLVPN Update-Empfehlung

Author: vla Category: Fortinet

Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…

Loading

read more

Menlo Security Prevents Zero-Day Threat on Internet Explorer

Author: mp Category: Menlo

The still-active Zero-Day Exploit threatens the frequently vulnerable JavaScript Engine Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380. The remote code execution vulnerability allows an attacker to take advantage of how…

read more