Latest Fortinet news

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
- Sergiu Gatlan
- March 21, 2024
- 11:17 AM
- 0
Fortinet warns of critical RCE bug in endpoint management software

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.
- Sergiu Gatlan
- March 13, 2024
- 02:48 PM
- 0
Critical Fortinet flaw may impact 150,000 exposed devices

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.
- Ionut Ilascu
- March 08, 2024
- 03:37 PM
- 3
New Fortinet RCE bug is actively exploited, CISA confirms

CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
- Sergiu Gatlan
- February 09, 2024
- 04:02 PM
- 3
New Fortinet RCE flaw in SSL VPN likely exploited in attacks

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
- Lawrence Abrams
- February 08, 2024
- 06:11 PM
- 1
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
- Lawrence Abrams
- February 07, 2024
- 07:55 PM
- 0
Chinese hackers infect Dutch military network with malware

A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.
- Sergiu Gatlan
- February 06, 2024
- 01:49 PM
- 0
Fortinet warns of critical command injection bug in FortiSIEM

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
- Bill Toulas
- November 16, 2023
- 10:20 AM
- 0
Iranian hackers breach US aviation org via ManageEngine, Fortinet bugs

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command (USCYBERCOM) revealed on Thursday.
- Sergiu Gatlan
- September 07, 2023
- 05:32 PM
- 0
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices

Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices.
- Bill Toulas
- July 12, 2023
- 10:40 AM
- 0
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.
- Bill Toulas
- July 03, 2023
- 07:54 AM
- 1
Fortinet fixes critical FortiNAC remote command execution flaw

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.
- Bill Toulas
- June 23, 2023
- 08:42 AM
- 0
Fortinet: New FortiOS RCE bug "may have been exploited" in attacks

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.
- Sergiu Gatlan
- June 12, 2023
- 05:53 PM
- 0
Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now

Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices, tracked as CVE-2023-27997.
- Lawrence Abrams
- June 11, 2023
- 11:43 AM
- 0
Hackers can breach networks using data on resold corporate routers

Enterprise-level network equipment on the secondary market hide sensitive data that hackers could use to breach corporate environments or to obtain customer information.
- Ionut Ilascu
- April 23, 2023
- 12:32 PM
- 2
Fortinet zero-day attacks linked to suspected Chinese hackers

A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware.
- Sergiu Gatlan
- March 16, 2023
- 03:13 PM
- 1
Fortinet: New FortiOS bug used as zero-day to attack govt networks

Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.
- Sergiu Gatlan
- March 13, 2023
- 06:38 PM
- 0
Fortinet warns of new critical unauthenticated RCE vulnerability

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.
- Bill Toulas
- March 08, 2023
- 02:25 PM
- 0
Hackers now exploit critical Fortinet bug to backdoor servers

Threat actors are targeting Internet-exposed Fortinet appliances with exploits targeting CVE-2022-39952, an unauthenticated file path manipulation vulnerability in the FortiNAC webserver that can be abused for remote command execution.
- Sergiu Gatlan
- February 22, 2023
- 02:06 PM
- 0
Exploit released for critical Fortinet RCE flaw, patch now

Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite.
- Bill Toulas
- February 21, 2023
- 01:21 PM
- 0