A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw is identified as FG-23-225 which allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets.
According to the advisory published by Fortinet, An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
By infosecbulletin
/ Saturday , December 21 2024
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in...
Read More
By infosecbulletin
/ Friday , December 20 2024
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure...
Read More
By infosecbulletin
/ Friday , December 20 2024
Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million...
Read More
By infosecbulletin
/ Friday , December 20 2024
Sophos has fixed three separate security vulnerabilities in Sophos Firewall. The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such...
Read More
By infosecbulletin
/ Thursday , December 19 2024
A time-demanding workshop on "Cybersecurity Awareness and Needs Analysis" was held on Thursday (December 19) at Bangladesh Bank Training Academy...
Read More
By infosecbulletin
/ Thursday , December 19 2024
Kaspersky's Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach...
Read More
Version Affected Solution
FortiOS 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiOS 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiOS 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiProxy 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiProxy 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiProxy 7.0 7.0.0 through 7.0.13 Upgrade to 7.0.14 or above
FortiProxy 2.0 2.0 all versions Migrate to a fixed release