
Fortinet Patches Critical Flaw in FortiOS SSL-VPN

Fortinet has released a patch for a severe, zero-day memory corruption vulnerability in its FortiOS SSL-VPN. The heap-based buffer overflow can be exploited by remote, unauthenticated attackers to execute arbitrary commands or code on vulnerable systems.

Note

  • Perimeter security devices remain a popular target for attackers. Our sensors still see older FortiOS exploits used frequently. This vulnerability was patched as part of a recent FortiOS update, but not made public until now.
  • The workaround is to disable the SSL-VPN, which isn’t really viable if the mission of the device is to deliver your SSL-VPN. The fix is to update to the current version of the FortiOS product. Incorporate the IOCs published by FortiGuard into your threat hunting and verify your device has not been compromised.
  • It seems that the last year or two has been a period in which many SSL VPNs have seen their systems explored. Fortinet seems to currently be the target of many of the exploit developers. This could be because of their market presence outside of the US and globally, or it could just be that there was already a lot of research that has led exploit developers to see other vectors in the same system. Maintain patches where you can, and if you’re using a different firewall product, I suspect that there will be other manufacturers that eventually will get the same treatment. No one is immune to software bugs. Stay on top of this and patch where you can, prioritizing SSL VPNs first.
  • Since the start of the pandemic, we have seen attackers focus on these types of edge devices. Have an inventory of what you have and ensure you patch consistently upon release.

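The notes above recommend two concrete actions: sweep your own logs for the vendor-published IOCs, and use a device inventory to patch consistently with SSL-VPN appliances first. The script below is an added example (not code from Fortinet or from the original article) that does both on constructed data: it parses key=value log lines, matches selected fields against an IOC set, and ranks an inventory by whether each device's firmware is below the first fixed build on its branch. Every IOC value, version threshold, device name and log line is a constructed placeholder; substitute the indicators and fixed versions from the vendor advisory before using it.

```python
"""IOC sweep over key=value log lines plus branch-aware firmware version check.

Added example, not from Fortinet or the original article. All indicators,
version thresholds, device names and log lines are CONSTRUCTED placeholders.
"""
import re
from typing import Iterable

# Constructed placeholder indicators (NOT the advisory's real IOCs).
IOCS = {
    "ip": {"203.0.113.10", "198.51.100.7"},       # RFC 5737 documentation addresses
    "sha256": {"0" * 64},                          # obviously fake hash
    "path": {"/tmp/placeholder_implant.so"},       # fake file path
}

# Log fields whose values are compared against each IOC class (assumed field names).
FIELDS_BY_IOC = {
    "ip": ("srcip", "dstip", "remip"),
    "sha256": ("sha256", "filehash"),
    "path": ("filename", "path"),
}

# Constructed placeholder: first fixed build per firmware branch. Take the real
# values from the vendor advisory; a device on an unlisted branch is flagged.
FIXED_BY_BRANCH = {"7.2": "7.2.99", "7.0": "7.0.99", "6.4": "6.4.99"}

# key=value pairs; values may be double-quoted and contain spaces or '='.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> dict:
    """Parse one key=value log line, stripping quotes around quoted values."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw
    return fields


def sweep(lines: Iterable[str], iocs: dict = IOCS) -> list:
    """Return a hit record for every log field whose value matches an IOC."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_kv(line)
        for ioc_type, values in iocs.items():
            for fld in FIELDS_BY_IOC.get(ioc_type, ()):
                val = rec.get(fld)
                if val is None:
                    continue
                norm = val.lower() if ioc_type == "sha256" else val  # hashes are case-insensitive
                if norm in values:
                    hits.append({"line": lineno, "field": fld, "value": val, "ioc_type": ioc_type})
    return hits


def version_tuple(v: str) -> tuple:
    """'7.2.1' -> (7, 2, 1) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def branch_of(v: str) -> str:
    return ".".join(v.split(".")[:2])


def needs_patch(version: str, fixed_by_branch: dict = FIXED_BY_BRANCH) -> bool:
    """True if the build is below the first fixed build on its branch, or the branch is unlisted."""
    fixed = fixed_by_branch.get(branch_of(version))
    if fixed is None:
        return True  # unknown or unsupported branch: needs attention either way
    return version_tuple(version) < version_tuple(fixed)


def prioritize(inventory: dict) -> list:
    """inventory: {name: {"version": str, "sslvpn": bool}} -> names needing a patch, SSL-VPN first."""
    due = [(name, d) for name, d in inventory.items() if needs_patch(d["version"])]
    due.sort(key=lambda nd: (not nd[1].get("sslvpn", False), nd[0]))
    return [name for name, _ in due]


# Constructed sample input.
SAMPLE_LOGS = [
    'date=2022-12-12 time=10:01:02 devname="fw-edge-1" type=event subtype=vpn action=tunnel-up remip=203.0.113.10 user="alice"',
    'date=2022-12-12 time=10:02:15 devname="fw-edge-1" type=event subtype=system msg="config changed" user="admin"',
    'date=2022-12-12 time=10:03:40 devname="fw-edge-1" type=event subtype=system filename="/tmp/placeholder_implant.so" action=created',
]
SAMPLE_INVENTORY = {
    "fw-edge-1": {"version": "7.2.1", "sslvpn": True},
    "fw-branch-2": {"version": "7.0.99", "sslvpn": True},
    "fw-lab-3": {"version": "6.2.12", "sslvpn": False},
    "fw-dc-4": {"version": "7.2.5", "sslvpn": False},
}

if __name__ == "__main__":
    for h in sweep(SAMPLE_LOGS):
        print(f"IOC hit: line {h['line']} {h['field']}={h['value']} ({h['ioc_type']})")
    print("patch order:", prioritize(SAMPLE_INVENTORY))
```

On the sample data the sweep reports two hits (the tunnel-up line's remote IP and the created-file path) and the patch order comes out as the SSL-VPN-enabled device first, then the remaining out-of-date devices; a device already on its branch's fixed build is left out. Treating an unlisted branch as "needs patch" is deliberate: an end-of-support branch that never receives the fix still has to show up in the list.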

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
