LINK CISA has released Technical Details – PDF Version
LINK If you use a Fortinet Firewall you should investigate whether you are vulnerable.
LINK If you use FortiManager or FortiAnalyzer, take a look for these updates.
LINK Web Application Firewalls are affected by a recently discovered RCE. If you have a Fortinet WAF, time for another round of updating.
LINK Its been highlighted a few times recently, FortiNet has come out in the last year with some very high damage vulnerabilities and coordinated attacked are continuously being used to exploit them
SOFTWARE/COMPANY:Fortinet SOFTWARE LINK(s):https://www.fortiguard.com/psirt/FG-IR-20-229ehttps://www.fortiguard.com/psirt/FG-IR-20-232https://www.fortiguard.com/psirt/FG-IR-20-125https://www.fortiguard.com/psirt/FG-IR-20-177https://www.fortiguard.com/psirt/FG-IR-20-123https://www.fortiguard.com/psirt/FG-IR-20-126https://www.fortiguard.com/psirt/FG-IR-20-124 NEWS LINK(s):https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/ CVEs:CVE-2018-13383 – DoS, RCE – FortiProxy SSL VPNCVE-2018-13381 – DoS – FortiProxy SSL VPNCVE-2020-29015 – SQL Injection – FortiWebCVE-2020-29016 – RCE – FortiWeb 6.3.5CVE-2020-29017 – RCE – FortiDeceptorCVE-2020-29018 – RCE – FortiWebCVE-2020-29019 – DoS – FortiWeb NOTES:Two of these vulnerabilitiesw had dates for their publishing back to 2019, the rest […]