Fortinet Vulnerabilities and Security Flaws Update
In August 2019, it was revealed by security researchers at the Black Hat 2019 conference is Las Vegas that there had been a discovery of security vulnerabilities that had impacted a wide range of security vendors, including Fortinet. Fortinet patched these vulnerabilities back in April and May 2019, however many customers are still running the affected firmware versions.
SSL VPN Vulnerabilities
Two vulnerabilities directly affected Fortinet’s implementation of SSL VPN.
- CVE-2018-13379 (FG-IR-18-384) – This is a path traversal vulnerability in the FortiOS SSL VPN web portal that could potentially allow an unauthenticated attacker to download files through specially crafted HTTP resource requests.
If customers are running the following versions of FortiOS and have SSL enabled, it is definitley worth looking into updating your FortiOS in order to patch the above vulnerabilities:
- FortiOS 5.6.3 to 5.6.7
- FortiOS 6.0.0 to 6.0.4
Actions that you need to take, and how we can help
We here at Nouveau are doing our best to get in touch with our customers in order to notify them of these vulnerabilities. All of our FortiAssist customers are entitled to have the patches carried out for them right away as part of the service offering. Any customers who do not have a FortiAssist contract plan can also have the work completed for them, but there will be charges.
If you have any questions, or would like to speak to a member of our team, please do not hesistate to get in touch using the details below.
Telephone: 01189 699290