PSIRT Blogs
Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd
Fortinet published CVSS: Critical advisory FG-IR-22-398 / CVE-2022-42475 on Dec 12, 2022. This blog details our initial investigation into this malware and additional IoCs identified during our ongoing analysis. Read more.
Update Regarding CVE-2022-40684
Fortinet recently distributed a PSIRT advisory regarding CVE-2022-40684 that details urgent mitigation guidance. Fortinet strongly urges potentially affected customers to immediately update their FortiOS, FortiProxy, and FortiSwitchManager products.
Apache Log4j Vulnerability
Read for an update from Fortinet about the Apache Log4j vulnerability, including protections and mitigating issues. It is critical that organizations take immediate action to inventory systems and prioritize remediation.
Fortinet and Expiring Let’s Encrypt Certificates
Read more for an update from Fortinet about Let’s Encrypt certificates as well as how Fortinet is working to improve certificate validation.
Malicious Actor Discloses FortiGate SSL-VPN Credentials
Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. This incident is related to an old vulnerability resolved in May 2019. We continue to strongly recommend that customers implement the patch upgrade and password reset as soon as possible.
PSIRT and Responsible Disclosure
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read more about Fortinet’s Product Security Incident Response Team (PSIRT) and the Responsible Disclosure Process.
Fortinet Provides Immediate Patch Update and Mitigations for Critical FortiManager and FortiAnalyzer Vulnerability - CVE-2021-32589
Fortinet has issued a patch and mitigations and is proactively communicating to customers, strongly urging them to immediately update their FortiManager and FortiAnalyzer products. Read more.
Prioritizing Patching is Essential for Network Integrity
Fortinet continues to communicate urging those customers that have not implemented the resolution to immediately implement patches that were made for CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812. Read more.
Patch and Vulnerability Management
At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. Read to learn more about the importance of patching and vulnerability management.
FireEye Red Team Tool Breach
Cybersecurity vendor FireEye reported a breach of their network and data exfiltration which included their internally developed Red Team tools. Read more on how to protect against these tools by potential adversaries.
