«FortiGate SSLVPN Update-Empfehlung» weiterlesen
Update, Nov 2020:
More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have already been patched.
Two days ago, this list was extended with usernames and passwords that were exploted via this vulnerability. Even if the Fortigates have been patched – as long as the passwords have not been changed, an attacker could still use them to gain access to protected networks.
Last week Fortinet has released a critical PSIRT-Advisory «Improper check for certificate revocation vulnerability»
Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?«New PSIRT-Advisory from Fortinet» weiterlesen