Tag

Ssl Vpn

All articles tagged with #ssl vpn

security20 days ago•3 min saved

Fortinet SSL VPN and FortiGate vulnerabilities under active attack

Fortinet has issued a warning about active exploitation of a five-year-old vulnerability in FortiOS SSL VPN (CVE-2020-12812) that allows attackers to bypass two-factor authentication under certain configurations, especially involving LDAP integration and case-sensitive username matching. Organizations are advised to update their systems or disable username sensitivity to mitigate the risk, and to contact support if they suspect exploitation.

via The Hacker News|

#2fa-bypass #cve-2020-12812 #fortinet

cybersecurity1 year ago•1 min saved

"Fortinet FortiOS Bug CVE-2024-21762 Affects 150,000 Internet-Facing Devices"

A critical vulnerability, CVE-2024-21762, in Fortinet FortiOS SSL VPN could potentially impact 150,000 exposed devices, with the majority located in the United States. The vulnerability, which allows for remote code execution, has been actively exploited in attacks in the wild. Fortinet has recommended disabling SSL VPN as a workaround and has provided a list of impacted versions and available solutions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, and researchers continue to monitor the situation.

via Security Affairs|

#cve-2024-21762 #cyberattack #cybersecurity

technology1 year ago•5 min saved

"Fortinet's Critical Flaws: Urgent Patching Needed Amid Ongoing Exploitation"

Fortinet faced a tumultuous week with the disclosure of critical security vulnerabilities in its FortiOS, including an SSL VPN flaw that allows for remote code execution. The company also faced backlash for a confusing double bug disclosure and a disputed claim about toothbrushes being used in a DDoS attack. Fortinet's delayed and conflicting responses to these issues have drawn criticism, while security researchers urge users to patch vulnerable VPNs and upgrade to fixed releases.

via The Register|

#cybersecurity #disclosure #fortinet

technologysecurity1 year ago•2 min saved

"Fortinet Issues Urgent Warning on Active Exploitation of Critical SSL VPN Flaws"

Fortinet has disclosed a critical security flaw in FortiOS SSL VPN, likely being actively exploited, allowing for the execution of arbitrary code and commands. The vulnerability impacts multiple versions of FortiOS, and patches have been issued for other CVEs affecting FortiSIEM supervisor. Recent reports reveal Chinese state-sponsored actors exploiting known flaws in Fortinet devices, underscoring the growing threat faced by internet-facing edge devices lacking endpoint detection and response support.

via The Hacker News|

#cybersecurity #exploitation #fortinet

cybersecurity2 years ago•1 min saved

Fortinet Issues Critical Patches for RCE Vulnerabilities in Fortigate Devices

Fortinet has released firmware updates that fix a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices. The updates were released prior to the disclosure of the vulnerability, which is expected on June 13, 2023. The vulnerability affects all previous versions of Fortinet devices and could be exploited by threat actors to gain initial access to networks for data theft and ransomware attacks. Admins are urged to apply the security updates as soon as possible.

via BleepingComputer|

#cybersecurity #fortinet #rce-vulnerability