A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw is identified as FG-23-225 which allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets.
According to the advisory published by Fortinet, An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
By infosecbulletin
/ Sunday , June 30 2024
Microsoft will assign Common Vulnerabilities and Exposures (CVE) numbers to important vulnerabilities found and fixed in their cloud services. This...
Read More
By infosecbulletin
/ Sunday , June 30 2024
Indonesia's temporary National Data Center (PDN) was attacked by ransomware last Thursday, leading to delays in airport immigration services and...
Read More
By infosecbulletin
/ Saturday , June 29 2024
FortiGuard Labs found an attack that uses the CVE-2021-40444 vulnerability in Microsoft Office. This flaw lets attackers run harmful code...
Read More
By infosecbulletin
/ Saturday , June 29 2024
Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has...
Read More
By infosecbulletin
/ Saturday , June 29 2024
CISA issued seven advisories about Industrial Control Systems (ICS) on June 27, 2024. These advisories aim to give prompt information...
Read More
By infosecbulletin
/ Friday , June 28 2024
Researchers said, threat actor exploiting vulnerabilities in Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via PowerShell...
Read More
By infosecbulletin
/ Friday , June 28 2024
In a statement On Wednesday, 26 June 2024, team viewer said, "our security team detected an irregularity in TeamViewer’s internal...
Read More
By infosecbulletin
/ Friday , June 28 2024
GitLab, a platform for DevOps tools, released critical updates for its Community Edition (CE) and Enterprise Edition (EE). The new...
Read More
By infosecbulletin
/ Thursday , June 27 2024
Several vulnerabilities have been found in the TP-Link Omada system, which is a popular software-defined networking solution for small to...
Read More
By infosecbulletin
/ Thursday , June 27 2024
Evolve Bank & Trust experienced a cybersecurity incident. The bank confirmed that cybercriminals obtained and shared customers' personal information on...
Read More
Version Affected Solution
FortiOS 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiOS 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiOS 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiProxy 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiProxy 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiProxy 7.0 7.0.0 through 7.0.13 Upgrade to 7.0.14 or above
FortiProxy 2.0 2.0 all versions Migrate to a fixed release