The Truth Behind SSL-VPN RCE Vulnerability Fix
- Release notes did not mention the critical SSL-VPN RCE vulnerability being addressed
If you’re using an SSL-VPN by Fortinet, you might want to pay attention to this. Recently, Fortinet released its security update that listed down all the fixes it contained. However, it seems that they missed out on an important detail – the critical SSL-VPN RCE vulnerability being addressed.
The vulnerability in question is an RCE (remote code execution) bug that attackers can exploit by sending a specifically crafted HTTPS request to the SSL-VPN web interface. An attacker could then execute arbitrary remote code on the affected systems. Getting unauthorized access to your system and confidential information has never been easier!
Although not all users are affected, the vulnerability is a critical one, and ignoring it could cause a lot of harm. Not to mention the potential for your boss to breathe down your neck if he finds out you didn’t patch your system.
So what now? First things first, check with Fortinet if your system is affected. If you are, download the update to fix the SSL-VPN RCE vulnerability ASAP!
It’s always better to be safe than sorry, and this is a great example why. Ensure your system’s safety and save your boss from a heart attack – go download that patch!Original Article: https://www.infosecurity-magazine.com/news/fortinet-addresses-fortigate-ssl/