Critical vulnerability allows attackers to bypass authentication on Fortinet devices. Is your network infrastructure at risk? Discover which versions are vulnerable and how to protect your systems immediately.
#SecurityLand #CyberWatch #CyberSecurity #Fortinet #Vulnerability #FortiOS
#BSI WID-SEC-2025-1025: [NEU] [mittel] #Fortinet #FortiOS: Mehrere Schwachstellen ermöglicht Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um einen Denial of Service Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1025
#BSI WID-SEC-2025-1026: [NEU] [hoch] #Fortinet #FortiOS, #FortiProxy #und #FortiSwitch: Schwachstelle ermöglicht Privilegieneskalation
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um seine Privilegien zu erhöhen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1026
FortiOS Authentication Bypass Vulnerability Lets Attackers Take Full Control of Device
https://cybersecuritynews.com/fortios-authentication-bypass-vulnerability/
#Infosec #Security #Cybersecurity #CeptBiro #FortiOS #AuthenticationBypass #Vulnerability #FullControlOfDevice
#Fortinet : plusieurs vulnérabilités exploitées pour mettre à mal plus de 17 000 instances-serveurs sous #FortiOS et #FortiProxy !
🚨 A critical #FortiOS vulnerability (CVE-2024-40591) allows privilege escalation to super-admin level! Affected versions: 7.6.0, 7.4.x, 7.2.x, 7.0.x, and all 6.4. Update ASAP!
Read: https://hackread.com/fortios-vulnerability-super-admin-privilege-escalation/
В тренде VM: под угрозой продукты Microsoft и Fortinet, а также архиватор 7-Zip
Хабр, привет! И вновь на связи я Александр Леонов, ведущий эксперт лаборатории PT Expert Security Center и дежурный по самым опасным уязвимостям месяца. Мы с командой аналитиков Positive Technologies каждый месяц исследуем информацию об уязвимостях из баз и бюллетеней безопасности вендоров, социальных сетей, блогов, телеграм-каналов, баз эксплойтов, публичных репозиториев кода и выявляем во всем этом многообразии сведений трендовые уязвимости. Это те уязвимости, которые либо уже эксплуатируются вживую, либо будут эксплуатироваться в ближайшее время. В новый дайджест мы отнесли к трендовым восемь уязвимостей.
https://habr.com/ru/companies/pt/articles/881550/
#трендовые_уязвимости #microsoft #ole #rce #websocket #nodejs #fortios #7zip #maxpatrol_vm #управление_уязвимостями
#BSI WID-SEC-2025-0319: [NEU] [hoch] #Fortinet #FortiOS: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiOS ausnutzen, um beliebigen Programmcode auszuführen oder seine Rechte zu erweitern.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0319
#BSI WID-SEC-2025-0321: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Schwachstelle ermöglicht Codeausführung
Ein lokaler Angreifer kann eine Schwachstelle in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um beliebigen Programmcode auszuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0321
Nieuwe kwetsbaarheid in fortinet fortios en fortiproxy verholpen https://www.trendingtech.news/trending-news/2025/01/51342/nieuwe-kwetsbaarheid-in-fortinet-fortios-en-fortiproxy-verholpen #FortiNet #kwetsbaarheid #beveiliging #FortiOS #FortiProxy #Trending #News #Nieuws
#fortiguard #psirt #fortios #security https://fortiguard.fortinet.com/psirt/FG-IR-24-535 lol :clippy: :cate: :KEKW:
U.S. #CISA adds #Fortinet #FortiOS to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/173098/hacking/u-s-cisa-adds-fortinet-fortios-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking #malware
#Fortinet have dropped 29 security updates today, 14 of which are rated "high" or "critical". Have fun everyone. (Fortunately, only one 'low' affects our stuff but FFS, come on)
I fell into the "pl2303hxa phased out since 2012" issue today
I needed to access two #Fortinet #FG-80C devices (to confirm they worked, ensure they had the default UID/password and configs, etc)
So I grabbed the trusty no named #serial to #USB #serial2usb dongle and a #cisco labeled crossover
Went to use my #Thinkpad running #win11 and after updating the drivers using Windows update received the dreaded "pl2303hxa phased out since 2012, please contact your supplier" message - and would not tell you what #COM port was configured.
Well, #WTF ?!?
Some further research has two theories on the motives by #Prolific (the makers of the #chipset used in the #dongle )
1) Prolific wants to sell more hardware. Which, go #DIAF #Prolific, nice way to backdate planned obsolescence
2) Seems a ton of fake, cheap dongles use a fake chipset based on Prolific's design. Prolific released a driver that identifies these cables, and will not allow the use of their driver for these fake dongles.
Again, go #DIAF Prolific. I can relate to the issues involved here, but go after the fakes not your customer base. I have no idea how long this dongle has been in my toolbox, or where it came from - and I'm certainly not going to throw away a perfectly good dongle.
There is a solution, follow along on this #github page and install their driver from 2008 that does not conduct this chipset check. All will work fine.
https://github.com/polachp/pl2303-legacy-w11
This has a great walk through with #screenshots :
https://indiaoncloud.com/prolific-pl2303-phased-out-since-2012-please-contact-your-supplier/
This person did an amazing analysis on the actual code:
https://misc.daniel-marschall.de/patches/prolific_drivers/
Other References:
https://haprofs.com/pl2303hxa-phased-out-since-2012-please-contact-your-supplier-solved/
https://saptaji.com/2024/01/19/usb-to-serial-pl2303hxa-phased-out-since-2012-solution-in-window-11/
#networking #security #infosec #firewall #FortiOS
#vintagecomputing
#vintagecomputing #vintagecomputint #vintagecomputer #vintagecomputers #vintagecomputalk
#vintagehardware
#computerHistory
#retro
#retrocomputing #retroComputers
#WallOfRetro
#retroTech #retroTechnology
#nerdsOfVintage #happyNerding
#computer #tech
#BSI WID-SEC-2024-3438: [NEU] [mittel] #Fortinet #FortiOS #undFortiProxy: Mehrere Schwachstellen
Ein anonymer Angreifer kann mehrere Schwachstellen in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder Phishing-Angriffe durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3438
#BSI WID-SEC-2024-1830: [NEU] [mittel] #Fortinet #FortiOS: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Ein lokaler Angreifer kann mehrere Schwachstellen in Fortinet FortiOS, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1830
Now that it appears my move to BSD.cafe is complete, I believe it’s time for a #introduction.
First, I want to say how great it is to be part of the BSD.cafe community. I’m thrilled that this instance exists and is thriving.
I’m Blake, a Systems Administrator with a knack for #networks and #DevOps. Currently, I work in the insurance sector, focusing on #technology solutions for agricultural businesses. I have extensive experience with #Linux, #AWS, #Azure, and a variety of network solutions, from Fortigate (#FortiOS) to Netgate (#pfSense). I consider myself a big-picture solver, dedicated to enhancing infrastructure efficiency and security.
I’ve been using Linux daily since the late 2000s, when our family’s Windows XP machine gave out and I got my hands on Ubuntu 8.04 LTS. Since then, I’ve experimented with everything from Arch Linux to Void Linux. Recently, I’ve started exploring #FreeBSD and #OpenBSD, and I’m truly enjoying the fresh experience they offer.
When I’m not immersed in technology, you’ll find me participating in ultra-endurance #cycling events or tinkering with my #homelab. I’m committed to continuous learning and love sharing insights on cutting-edge network and server technologies. I also enjoy exploring how technology intersects with everyday life.
One of these days, I plan to create a proper blog site to share my thoughts and experiences.
I look forward to connecting with fellow tech enthusiasts and homelabbers!
#BSI WID-SEC-2024-1570: [NEU] [mittel] #Fortinet #FortiOS #und #FortiProxy: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer, oder ein Angreifer aus einem benachbarten Netzwerk kann mehrere Schwachstellen in Fortinet FortiOS und Fortinet FortiProxy ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen und um Sicherheitsmaßnahmen zu umgehen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1570
