8 matches found
Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass
Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on SSO logins on FortiGate appliances on December 12...
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities
Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475 within FortiGate products. This malicious file could enable read-only access to files on the device's file system, which may include...
Fortinet Fortigate No certificate name verification for fgfm connection (FG-IR-24-046)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-046 advisory. - A improper restriction of communication channel to intended endpoints vulnerability CWE-923 in Fortinet FortiOS...
Fortinet Fortigate Multiple format string vulnerabilities (FG-IR-24-325)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-325 advisory. - A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.0 through 7.4.4, version 7.2.0...
Fortinet Fortigate Slow HTTP DoS Attacks Mitigation (FG-IR-19-013)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-19-013 advisory. - An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2,...
Fortinet Fortigate Out-of-bounds Write in captive portal (FG-IR-23-328)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-23-328 advisory. - A out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0...
Fortinet Fortigate Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification (FragAttacks) (FG-IR-21-071)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-071 advisory. - The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP doesn't...
Fortinet Releases Security Updates for FortiClient and FortiGate
Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Fortinet security advisories and...