InfoSecBulletin Cybersecurity for mankind
A vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw is identified as FG-23-225 which allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets.
According to the advisory published by Fortinet, An insufficient verification of data authenticity vulnerability [CWE-345] in FortiOS & FortiProxy SSL-VPN tunnel mode may allow an authenticated VPN user to send (but not receive) packets spoofing the IP of another user via crafted network packets.
Google fixes Chrome Password Manager bug hiding credentials
India Confirms BSNL’s Data Breach, formed committee to investigate
Malware Attacks Increase 30% in First Half of 2024
New DNS Vulnerability “TuDoor” Threatens Internet Security
Acronis Urged Users to Patch Vulnerability
OpenAI to test search engine called SearchGPT
CISA Unveils advisories for Two Industrial Control Systems
Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform
BD CIRT published advisory on Web Application and Database Security
GitLab fixed six security flaws and recommends updating shortly
Version Affected Solution
FortiOS 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiOS 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiOS 7.0 7.0.0 through 7.0.12 Upgrade to 7.0.13 or above
FortiOS 6.4 6.4 all versions Migrate to a fixed release
FortiOS 6.2 6.2 all versions Migrate to a fixed release
FortiProxy 7.4 7.4.0 through 7.4.1 Upgrade to 7.4.2 or above
FortiProxy 7.2 7.2.0 through 7.2.7 Upgrade to 7.2.8 or above
FortiProxy 7.0 7.0.0 through 7.0.13 Upgrade to 7.0.14 or above
FortiProxy 2.0 2.0 all versions Migrate to a fixed release
