PSIRT Blogs

PSIRT Blogs

Apache Log4j Vulnerability

Read for an update from Fortinet about the Apache Log4j vulnerability, including protections and mitigating issues. It is critical that organizations take immediate action to inventory systems and prioritize remediation.

By Carl Windsor December 12, 2021

PSIRT Blogs

Fortinet and Expiring Let’s Encrypt Certificates

Read more for an update from Fortinet about Let’s Encrypt certificates as well as how Fortinet is working to improve certificate validation.

By Carl Windsor September 30, 2021

PSIRT Blogs

Malicious Actor Discloses FortiGate SSL-VPN Credentials

Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.

By Carl Windsor September 08, 2021

PSIRT Blogs

PSIRT and Responsible Disclosure

At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read more about Fortinet’s Product Security Incident Response Team (PSIRT) and the Responsible Disclosure Process.

By Carl Windsor August 19, 2021

PSIRT Blogs

Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589

Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.

By Carl Windsor July 20, 2021

PSIRT Blogs

Prioritizing Patching is Essential for Network Integrity

Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more.

By Carl Windsor June 01, 2021

PSIRT Blogs

Patch and Vulnerability Management

At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management.

By Carl Windsor April 03, 2021

PSIRT Blogs

FireEye Red Team Tool Breach

Cybersecurity vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. Read more on how to protect against these tools by potential adversaries.

By Carl Windsor December 11, 2020

PSIRT Blogs

Update Regarding CVE-2018-13379

Fortinet continues customer protection and communication efforts with mitigation best practices in mind. Read more about updates regarding CVE-2018-13379.

By Carl Windsor November 30, 2020

PSIRT Blogs

ATP 29 Targeting SSL VPN Flaws

APT29 has targeted various vulnerabilities in SSL-VPN solutions, including a vulnerability resolved by Fortinet in May 2019. For all customers Fortinet recommends the following actions are taken immediately.

By Carl Windsor July 16, 2020