
      336,000 servers remain unpatched against critical Fortigate vulnerability

      news.movim.eu / ArsTechnica · Monday, 3 July, 2023 - 19:46


    Researchers say that nearly 336,000 devices exposed to the Internet remain vulnerable to a critical vulnerability in firewalls sold by Fortinet because admins have yet to install patches the company released three weeks ago.

    CVE-2023-27997 is a remote code execution vulnerability in Fortigate VPNs, which are included in the company’s firewalls. The vulnerability, which stems from a heap overflow bug, has a severity rating of 9.8 out of 10. Fortinet released updates silently patching the flaw on June 8 and disclosed it four days later in an advisory that said it may have been exploited in targeted attacks. That same day, the US Cybersecurity and Infrastructure Security Administration added it to its catalog of known exploited vulnerabilities and gave federal agencies until Tuesday to patch it.

    Despite the severity and the availability of a patch, admins have been slow to fix it, researchers said.



      Fortinet says hackers exploited critical vulnerability to infect VPN customers

      news.movim.eu / ArsTechnica · Thursday, 12 January, 2023 - 19:20

    A cake made to resemble FortiGate hardware.

    (credit: Fortinet)

    An unknown threat actor abused a critical vulnerability in Fortinet’s FortiOS SSL-VPN to infect government and government-related organizations with advanced custom-made malware, the company said in an autopsy report on Wednesday.

    Tracked as CVE-2022-42475, the vulnerability is a heap-based buffer overflow that allows hackers to remotely execute malicious code. It carries a severity rating of 9.8 out of a possible 10. A maker of network security software, Fortinet fixed the vulnerability in version 7.2.3 released on November 28 but failed to make any mention of the threat in the release notes it published at the time.

    Mum’s the word

    Fortinet didn’t disclose the vulnerability until December 12, when it warned that the vulnerability was under active exploit against at least one of its customers. The company urged customers to ensure they were running the patched version of the software and to search their networks for signs the vulnerability had been exploited. FortiOS SSL-VPNs are used mainly in border firewalls, which cordon off sensitive internal networks from the public Internet.
