CSO OnlineOpinion

Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

CISA has ordered agencies to patch the FortiWeb web application firewall within seven days after news of exploits emerged.
CSO Online

Fortinet’s silent patch sparks alarm as a critical FortiWeb flaw is exploited in the wild

Researchers say the flaw, affecting thousands of internet-facing FortiWeb instances, was exploited long before Fortinet ...
Dark Reading

Critical Fortinet FortiWeb WAF Bug Exploited in the Wild

A critical Fortinet FortiWeb vulnerability capable of remote code execution has been exploited in the wild.
Bleeping Computer

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited ...
Bleeping Computer

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. The zero-day ...
Infosecurity-magazine.com

Fortinet Patches Critical Bug in FortiClient EMS

Fortinet has patched a critical SQL injection vulnerability in its endpoint management software which could enable remote code execution (RCE) on targeted servers. CVE-2023-48788 affects ...