#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Fortigate | Breaking Cybersecurity News | The Hacker News

Category — Fortigate
Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

Feb 09, 2024 Zero Day Vulnerability / Network Security
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability,  CVE-2024-21762  (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests," the company  said  in a bulletin released Thursday. It further acknowledged that the issue is "potentially being exploited in the wild," without giving additional specifics about how it's being weaponized and by whom. The following versions are impacted by the vulnerability. It's worth noting that FortiOS 7.6 is not affected. FortiOS 7.4 (versions 7.4.0 through 7.4.2) - Upgrade to 7.4.3 or above FortiOS 7.2 (versions 7.2.0 through 7.2.6) - Upgrade to 7.2.7 or above FortiOS 7.0 (versions 7.0.0 through 7.0.13) - Upgrade to 7.0.14 or above Forti...
Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Feb 07, 2024 Cyber Espionage / Network Security
Chinese state-backed hackers broke into a computer network that's used by the Dutch armed forces by targeting Fortinet FortiGate devices. "This [computer network] was used for unclassified research and development (R&D)," the Dutch Military Intelligence and Security Service (MIVD)  said  in a statement. "Because this system was self-contained, it did not lead to any damage to the defense network." The network had less than 50 users. The intrusion, which took place in 2023, leveraged a known critical security flaw in FortiOS SSL-VPN ( CVE-2022-42475 , CVSS score: 9.3) that allows an unauthenticated attacker to execute arbitrary code via specially crafted requests. Successful exploitation of the flaw paved the way for the deployment of a backdoor dubbed  COATHANGER  from an actor-controlled server that's designed to grant persistent remote access to the compromised appliances. "The COATHANGER malware is stealthy and persistent," the Dutch N...
4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

Jan 14, 2025SaaS Security / Generative AI
What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third-party risk. And, this growing attack surface, much of which is unknown or unmanaged in most orgs, has become an attractive target for attackers. So, why should you prioritize securing your SaaS attack surface in 2025? Here are 4 reasons. ‍ 1. Modern work runs on SaaS. When's the last time you used something other than a cloud-based app to do your work? Can't remember? You're not alone.  Outside of ...
Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw

Jul 04, 2023 Network Security / Exploit
No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a  report  published last week, said that out of nearly 490,000 Fortinet SSL-VPN interfaces exposed on the internet, about 69 percent remain unpatched. CVE-2023-27997  (CVSS score: 9.8), also called XORtigate, is a critical vulnerability impacting Fortinet FortiOS and FortiProxy SSL-VPN appliances that could allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. Patches were released by Fortinet last month in versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5, although the company  acknowledged  that the flaw may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. Bishop Fox's analysis further found th...
cyber security

2024: A Year of Identity Attacks | Get the New eBook

websitePush SecurityIdentity Security
Prepare to defend against identity attacks in 2025 by looking back at identity-based breaches in 2024.
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy

Oct 07, 2022
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an authentication bypass vulnerability that may permit an unauthenticated adversary to carry out arbitrary operations on the administrative interface via a specially crafted HTTP(S) request. The issue impacts the following versions, and has been addressed in FortiOS versions  7.0.7  and  7.2.2 , and FortiProxy versions 7.0.7 and 7.2.1 released this week: FortiOS - From 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1 FortiProxy - From 7.0.0 to 7.0.6 and 7.2.0 "Due to the ability to exploit this issue remotely, Fortinet is strongly recommending all customers with the vulnerable versions to perform an immediate upgrade," the company  cautioned  in an alert shared by a securit...
Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

Sep 25, 2020
As the pandemic continues to accelerate the shift towards working from home, a  slew of digital threats  have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network , over 200,000 businesses that have deployed the Fortigate VPN solution—with default configuration—to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. "We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily," SAM IoT Security Lab's Niv Hertz and Lior Tashimov said. "The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a differ...
Expert Insights / Articles Videos
Cybersecurity Resources