Tuesday , March 11 2025
fortinet

FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing

infosecbulletin Wednesday , May 15 2024 Vulnerabilities

A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw is identified as FG-23-225 which allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets.

According to the advisory published by Fortinet, An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.

CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV

By infosecbulletin / Tuesday , March 11 2025
CISA included three vulnerabilities in Ivanti Endpoint Manager—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—in its Known Exploited Vulnerabilities catalog. Federal agencies must address...
Read More
CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV

Ransomware Attacks Set Records in February: New Data Shows

By infosecbulletin / Sunday , March 9 2025
Ransomware attacks reached a record high in February, surpassing previous months, according to a Cyble report. The Cyble report tracked...
Read More
Ransomware Attacks Set Records in February: New Data Shows

Cyber attack at Japanese telecom leader NTT hits 18,000 companies

By infosecbulletin / Saturday , March 8 2025
NTT Communications Corporation discovered illegal access to its facilities on February 5 and confirmed on February 6 that some information...
Read More
Cyber attack at Japanese telecom leader NTT hits 18,000 companies

Cyber heist: Pune losses Rs 6007 crore in cyber scam

By infosecbulletin / Friday , March 7 2025
India's Maharashtra Deputy Chief Minister Devendra Fadnavis disclosed alarming cyber fraud figures for Pune in 2024 during the Assembly session....
Read More
Cyber heist: Pune losses Rs 6007 crore in cyber scam

Nearly 1 million airport lost and found records leaked

By infosecbulletin / Friday , March 7 2025
Cybersecurity researcher Jeremiah Fowler found that over a dozen unprotected databases from the German firm Lost and Found Software exposed...
Read More
Nearly 1 million airport lost and found records leaked

Exploiting CVE-2024-4577, Attackers Target Japan with Cobalt Strike

By infosecbulletin / Friday , March 7 2025
Cisco Talos found that an unknown attacker has been targeting organizations in Japan since January 2025. The attacker exploited the...
Read More
Exploiting CVE-2024-4577, Attackers Target Japan with Cobalt Strike

Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially

By infosecbulletin / Friday , March 7 2025
SEC Consult researchers found a vulnerability in CrowdStrike's Falcon Sensor, enabling attackers to evade detection and run malicious applications. The...
Read More
Sleeping Beauty Researchers Bypassed CrowdStrike Falcon Sensor partially

CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks

By infosecbulletin / Thursday , March 6 2025
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...
Read More
CVE-2025-22224 41,500+ VMware ESXi Instances Vulnerable to Attacks

Register Now
AI Engineering Hackathon: Registration Open

By infosecbulletin / Wednesday , March 5 2025
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...
Read More
Register Now AI Engineering Hackathon: Registration Open

Cisco alerts about a Webex flaw that exposes credentials

By infosecbulletin / Wednesday , March 5 2025
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....
Read More
Cisco alerts about a Webex flaw that exposes credentials

Version                Affected                        Solution

FortiOS 7.4          7.4.0 through 7.4.1      Upgrade to 7.4.2 or above
FortiOS 7.2          7.2.0 through 7.2.7      Upgrade to 7.2.8 or above
FortiOS 7.0          7.0.0 through 7.0.12     Upgrade to 7.0.13 or above
FortiOS 6.4           6.4 all versions            Migrate to a fixed release
FortiOS 6.2          6.2 all versions             Migrate to a fixed release
FortiProxy 7.4      7.4.0 through 7.4.1       Upgrade to 7.4.2 or above
FortiProxy 7.2      7.2.0 through 7.2.7       Upgrade to 7.2.8 or above
FortiProxy 7.0      7.0.0 through 7.0.13      Upgrade to 7.0.14 or above
FortiProxy 2.0      2.0 all versions               Migrate to a fixed release

Check Also

MediaTek

10 New Vulnerabilities Discovered in MediaTek Chipsets

MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin