Critical Security Vulnerability in FortiOS SSL-VPN

A CRITICAL vulnerability (score of 9.3) has been reported today, December 12, 2022, in FortiOS SSL-VPN.

This vulnerability is related to a buffer overflow, and exploiting it can allow an attacker to execute commands remotely on the targeted system. The attacker does not need to be authenticated to exploit this vulnerability.

Vulnerable FortiOS versions

  • FortiOS version 7.2.0 to 7.2.2
  • FortiOS version 7.0.0 to 7.0.8
  • FortiOS version 6.4.0 to 6.4.10
  • FortiOS version 6.2.0 to 6.2.11
  • FortiOS-6K7K version 7.0.0 to 7.0.7
  • FortiOS-6K7K version 6.4.0 to 6.4.9
  • FortiOS-6K7K version 6.2.0 to 6.2.11
  • FortiOS-6K7K version 6.0.0 to 6.0.14

Due to the possibility of exploiting this vulnerability remotely without authentication, it is strongly recommended to update immediately.
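As an added example (not part of the original advisory and not vendor tooling), the ranges listed above can be checked against a device inventory. The host names, the inventory layout and the version-string formats are constructed assumptions, and "not-listed" means only that a version falls outside the ranges on this page.

```python
import re

# Affected ranges exactly as listed in this advisory, (first, last) inclusive.
AFFECTED = {
    "FortiOS": [((7, 2, 0), (7, 2, 2)), ((7, 0, 0), (7, 0, 8)),
                ((6, 4, 0), (6, 4, 10)), ((6, 2, 0), (6, 2, 11))],
    "FortiOS-6K7K": [((7, 0, 0), (7, 0, 7)), ((6, 4, 0), (6, 4, 9)),
                     ((6, 2, 0), (6, 2, 11)), ((6, 0, 0), (6, 0, 14))],
}

# Exactly three dotted numbers, optional leading "v"; IP-like strings do not match.
_VERSION = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return (major, minor, patch) from a free-form version string, or None."""
    m = _VERSION.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(family, version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one device."""
    version = parse_version(version_text)
    if version is None or family not in AFFECTED:
        return "unknown"  # cannot decide: review by hand rather than assume safe
    # Tuples compare numerically, so 6.4.10 sorts after 6.4.9 (strings would not).
    hit = any(lo <= version <= hi for lo, hi in AFFECTED[family])
    return "affected" if hit else "not-listed"

def triage(inventory):
    """Group (host, family, version_text) rows by classification."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, family, version_text in inventory:
        result[classify(family, version_text)].append(host)
    return result

# Constructed inventory; host names and string formats are illustrative.
SAMPLE = [
    ("vpn-edge-01", "FortiOS", "v7.0.8,build0418"),
    ("vpn-edge-02", "FortiOS", "7.2.3"),
    ("vpn-branch-07", "FortiOS", "6.4.10"),
    ("core-chassis-01", "FortiOS-6K7K", "v7.0.8"),
    ("lab-fw", "FortiOS", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

The same version number can be classified differently per product line: 7.0.8 is inside the FortiOS range but outside the FortiOS-6K7K range listed here.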

Mitigation

To fix the vulnerability, you must migrate to the latest versions of FortiOS.

Actions taken by Streamscan

- Measures have been incorporated into our cyber threat detection technology CDS to detect and counter attempts to exploit this vulnerability.

- Our MDR team maintains its high level of vigilance in monitoring the security of your network.

How can Streamscan help you?

Cyberattacks are happening all the time. Without continuous security monitoring, you have no insight into the attacks impacting you. You can't protect yourself from what you can't see.

Let us give you clear insights into your network. Join our MDR managed monitoring platform powered by our CDS cyber threat detection technology and keep yourself safe from cyberattacks.

- Contact us at +1 877 208-9040 or talk to one of our experts.