PSIRT Blogs
Apache Log4j Vulnerability
Read for an update from Fortinet about the Apache Log4j vulnerability, including protections and mitigating issues. It is critical that organizations take immediate action to inventory systems and prioritize remediation.
Fortinet and Expiring Let’s Encrypt Certificates
Read more for an update from Fortinet about Let’s Encrypt certificates as well as how Fortinet is working to improve certificate validation.
Malicious Actor Discloses FortiGate SSL-VPN Credentials
Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.
PSIRT and Responsible Disclosure
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read more about Fortinet’s Product Security Incident Response Team (PSIRT) and the Responsible Disclosure Process.
Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589
Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.
Prioritizing Patching is Essential for Network Integrity
Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more.
Patch and Vulnerability Management
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management.
FireEye Red Team Tool Breach
Cybersecurity vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. Read more on how to protect against these tools by potential adversaries.
Update Regarding CVE-2018-13379
Fortinet continues customer protection and communication efforts with mitigation best practices in mind. Read more about updates regarding CVE-2018-13379.
ATP 29 Targeting SSL VPN Flaws
APT29 has targeted various vulnerabilities in SSL-VPN solutions, including a vulnerability resolved by Fortinet in May 2019. For all customers Fortinet recommends the following actions are taken immediately.
