MalwareLab on Nostr: TLDR: if you use Fortinet SSL VPN you have to disconnect your remote users. ...
TLDR: if you use Fortinet SSL VPN you have to disconnect your remote users. Immediately 🤦‍♂️
Critical #vulnerability in #Fortinet #FortiOS SSL #VPN.
Remote code execution without authentication.
Potentially already exploited in the wild.
Patches for supported versions are available, and they also recommend a workaround: disable SSL VPN. Not just web mode, but the entire SSL VPN.
It means that companies with FortiGate firewalls have to disconnect their remote workers from the VPN if they cannot patch immediately or if they do not use IPsec VPN instead of SSL VPN.
https://www.fortiguard.com/psirt/FG-IR-24-015
Published at 2024-02-09 09:36:41
Event JSON