FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

By Ravie Lakshmanan — June 13th 2023 at 04:21
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, dubbed XORtigate and tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and
☐ ☆ ✇ The Hacker News

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

By Ravie Lakshmanan — March 9th 2023 at 05:23
Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in
☐ ☆ ✇ The Hacker News

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

By Ravie Lakshmanan — February 19th 2023 at 06:27
Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8)
☐ ☆ ✇ The Hacker News

PoC Exploit Released for Critical Fortinet Auth Bypass Bug Under Active Attacks

By Ravie Lakshmanan — October 14th 2022 at 03:35
A proof-of-concept (PoC) exploit code has been made available for the recently disclosed critical security flaw affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager, making it imperative that users move quickly to apply the patches. "FortiOS exposes a management web portal that allows a user to configure the system," Horizon3.ai researcher James Horseman said. "Additionally, a user can
☐ ☆ ✇ The Hacker News

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

By Ravie Lakshmanan — October 7th 2022 at 16:47
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary
❌