#fortios

Security Landsecurityland
2025-05-14

Critical vulnerability allows attackers to bypass authentication on Fortinet devices. Is your network infrastructure at risk? Discover which versions are vulnerable and how to protect your systems immediately.

Read More: security.land/critical-fortine

2025-05-14

#BSI WID-SEC-2025-1025: [NEU] [mittel] #Fortinet #FortiOS: Mehrere Schwachstellen ermöglicht Denial of Service

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um einen Denial of Service Angriff durchzuführen.

wid.cert-bund.de/portal/wid/se

2025-05-14

#BSI WID-SEC-2025-1026: [NEU] [hoch] #Fortinet #FortiOS, #FortiProxy #und #FortiSwitch: Schwachstelle ermöglicht Privilegieneskalation

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um seine Privilegien zu erhöhen.

wid.cert-bund.de/portal/wid/se

🖱🛠👉👕👈 SOSOrdinet 🎣🖥️🐛 🗞️SOSOrdinet@social.targaryen.house
2025-04-17
2025-02-13

🚨 A critical #FortiOS vulnerability (CVE-2024-40591) allows privilege escalation to super-admin level! Affected versions: 7.6.0, 7.4.x, 7.2.x, 7.0.x, and all 6.4. Update ASAP!

Read: hackread.com/fortios-vulnerabi

#CyberSecurity #Fortinet #InfoSec #Vulnerability

2025-02-12

В тренде VM: под угрозой продукты Microsoft и Fortinet, а также архиватор 7-Zip

Хабр, привет! И вновь на связи я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center и дежурный по самым опасным уязвимостям месяца. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии сведений трендовые уязвимости. Это те уязвимости, которые либо уже эксплуатируются вживую, либо будут эксплуатироваться в ближайшее время. В новый дайджест мы отнесли к трендовым восемь уязвимостей.

habr.com/ru/companies/pt/artic

#трендовые_уязвимости #microsoft #ole #rce #websocket #nodejs #fortios #7zip #maxpatrol_vm #управление_уязвимостями

2025-02-12

#BSI WID-SEC-2025-0319: [NEU] [hoch] #Fortinet #FortiOS: Mehrere Schwachstellen

Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um beliebigen Programmcode auszuführen oder seine Rechte zu erweitern.

wid.cert-bund.de/portal/wid/se

2025-02-12

#BSI WID-SEC-2025-0321: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Schwachstelle ermöglicht Codeausführung

Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um beliebigen Programmcode auszuführen.

wid.cert-bund.de/portal/wid/se

#Fortinet have dropped 29 security updates today, 14 of which are rated "high" or "critical". Have fun everyone. (Fortunately, only one 'low' affects our stuff but FFS, come on)

fortiguard.com/psirt

#fortios #fortifail #fortigate

2024-12-08

I fell into the "pl2303hxa phased out since 2012" issue today

I needed to access two #Fortinet #FG-80C devices (to confirm they worked, ensure they had the default UID/password and configs, etc)

So I grabbed the trusty no named #serial to #USB #serial2usb dongle and a #cisco labeled crossover

Went to use my #Thinkpad running #win11 and after updating the drivers using Windows update received the dreaded "pl2303hxa phased out since 2012, please contact your supplier" message - and would not tell you what #COM port was configured.

Well, #WTF ?!?

Some further research has two theories on the motives by #Prolific (the makers of the #chipset used in the #dongle )
1) Prolific wants to sell more hardware. Which, go #DIAF #Prolific, nice way to backdate planned obsolescence
2) Seems a ton of fake, cheap dongles use a fake chipset based on Prolific's design. Prolific released a driver that identifies these cables, and will not allow the use of their driver for these fake dongles.

Again, go #DIAF Prolific. I can relate to the issues involved here, but go after the fakes not your customer base. I have no idea how long this dongle has been in my toolbox, or where it came from - and I'm certainly not going to throw away a perfectly good dongle.

There is a solution, follow along on this #github page and install their driver from 2008 that does not conduct this chipset check. All will work fine.
github.com/polachp/pl2303-lega

This has a great walk through with #screenshots :
indiaoncloud.com/prolific-pl23

This person did an amazing analysis on the actual code:
misc.daniel-marschall.de/patch

Other References:
haprofs.com/pl2303hxa-phased-o

saptaji.com/2024/01/19/usb-to-

#networking #security #infosec #firewall #FortiOS
#vintagecomputing
#vintagecomputing #vintagecomputint #vintagecomputer #vintagecomputers #vintagecomputalk
#vintagehardware
#computerHistory
#retro
#retrocomputing #retroComputers
#WallOfRetro
#retroTech #retroTechnology
#nerdsOfVintage #happyNerding
#computer #tech

2024-11-13

#BSI WID-SEC-2024-3438: [NEU] [mittel] #Fortinet #FortiOS #undFortiProxy: Mehrere Schwachstellen

Ein anonymer Angreifer kann mehrere Schwachstellen in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder Phishing-Angriffe durchzuführen.

wid.cert-bund.de/portal/wid/se

2024-08-14

#BSI WID-SEC-2024-1830: [NEU] [mittel] #Fortinet #FortiOS: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen

Ein lokaler Angreifer kann mehrere Schwachstellen in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

wid.cert-bund.de/portal/wid/se

Blake Ridgwayblake@bsd.cafe
2024-08-13

Now that it appears my move to BSD.cafe is complete, I believe it’s time for a #introduction.

First, I want to say how great it is to be part of the BSD.cafe community. I’m thrilled that this instance exists and is thriving.

I’m Blake, a Systems Administrator with a knack for #networks and #DevOps. Currently, I work in the insurance sector, focusing on #technology solutions for agricultural businesses. I have extensive experience with #Linux, #AWS, #Azure, and a variety of network solutions, from Fortigate (#FortiOS) to Netgate (#pfSense). I consider myself a big-picture solver, dedicated to enhancing infrastructure efficiency and security.

I’ve been using Linux daily since the late 2000s, when our family’s Windows XP machine gave out and I got my hands on Ubuntu 8.04 LTS. Since then, I’ve experimented with everything from Arch Linux to Void Linux. Recently, I’ve started exploring #FreeBSD and #OpenBSD, and I’m truly enjoying the fresh experience they offer.

When I’m not immersed in technology, you’ll find me participating in ultra-endurance #cycling events or tinkering with my #homelab. I’m committed to continuous learning and love sharing insights on cutting-edge network and server technologies. I also enjoy exploring how technology intersects with everyday life.

One of these days, I plan to create a proper blog site to share my thoughts and experiences.

I look forward to connecting with fellow tech enthusiasts and homelabbers!

2024-07-10

#BSI WID-SEC-2024-1570: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Mehrere Schwachstellen

Ein entfernter, anonymer Angreifer, oder ein Angreifer aus einem benachbarten Netzwerk kann mehrere Schwachstellen in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen und um Sicherheitsmaßnahmen zu umgehen.

wid.cert-bund.de/portal/wid/se

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst