Ars Technica

Fortinet SSL-VPN or Windows VPN

I already setup the Fortigate to do SSL-VPN using Active Directory (LDAP) for authentication. It works great, but requires a Fortinet client installation and some ...
Bleeping Computer

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw (tracked as CVE-2024-21762 / FG-IR-24-015) received a ...
Threat Post

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. The FBI and the Cybersecurity and ...
Threat Post

FortiGate VPN Default Config Allows MitM Attacks

The client’s default configuration for SSL-VPN has a certificate issue, researchers said. Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle ...
Dark Reading

Fortinet: Patched Critical Flaw May Have Been Exploited

Attackers may have exploited a flaw in Fortinet's FortiOS SSL-VPN in "a limited number of cases" that affected users in government, manufacturing, and critical infrastructure sectors. Exploitation of ...