Bleeping Computer

Fortinet fixes critical vulnerabilities in SSL VPN and web firewall

Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the ...
Bleeping Computer

Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Update 6/12/23 added below: Fortinet released a new advisory warning that the vulnerability may have been exploited in attacks. Fortinet has released new Fortigate firmware updates that fix an ...
Ars Technica

Fortinet SSL-VPN or Windows VPN

I already setup the Fortigate to do SSL-VPN using Active Directory (LDAP) for authentication. It works great, but requires a Fortinet client installation and some ...
Infosecurity-magazine.com

Fortinet Addresses Critical FortiGate SSL-VPN Vulnerability

Network security solution provider Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN software that could be exploited to hijack equipment. The vulnerability, identified as ...
Dark Reading

Researchers Develop Exploit Code for Critical Fortinet VPN Bug

Researchers have written exploit code for a critical remote code execution (RCE) vulnerability in Fortinet's FortiGate SSL VPNs that the vendor disclosed and patched in June 2023. Bishop Fox's ...
Dark Reading

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and ...
TechRadar

Deploying Fortinet VPN with default settings can leave your organization open to attack

Over 200,000 businesses that have deployed Fortinet VPN with its default configuration could be vulnerable to man-in-the-middle (MitM) attacks according to new research from the network security ...
TechRadar

Half a million Fortinet VPN passwords leaked online

A cybercriminal has released credentials associated with almost half a million Fortinet VPN accounts online. The account information was supposedly scraped from Fortinet devices, by exploiting a ...
CSOonline

Fortinet urges patching N-day bug amid ongoing nation-state exploitation

The flaw has a critical severity rating with a CVSS score of 9.6 and allows a remote unauthenticated actor to execute arbitrary commands by specially crafted HTTP requests. Fortinet has advised users ...
IT News For Australia Business

Long list of vulnerable Fortinet SSL VPNs published

A large list of almost 50,000 internet-reachable Fortinet FortiGate virtual private networking systems that contain an easily exploitable vulnerability has been published on the web and social media.
Ars Technica

Fortinet says hackers exploited critical vulnerability to infect VPN customers

An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in ...