Security News > 2021 > February > Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
The vulnerabilities range from Remote Code Execution to SQL Injection, to Denial of Service and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall products.
Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has been patching in their products.
Some of these vulnerabilities shown below had been previously reported in other Fortinet products but were fixed only recently in FortiProxy SSL VPN versions shown below.
CVE ID Vulnerability type Impacted products Fixed versions Date first published Date Fixed CVE-2018-13383 DoS, RCE FortiProxy SSL VPN 2.0.0 and below, 1.2.8 and below, 1.1.6 and below, 1.0.7 and below.
Vulnerabilities in FortiWeb Web Application Firewall were discovered and responsibly reported by researcher Andrey Medov at Positive Technologies.
Fortinet customers are therefore advised to upgrade to fixed versions of their products as soon as possible to protect against such critical vulnerabilities.
News URL
Related news
- Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- New kids on the ransomware block channel Lockbit to raid Fortinet firewalls (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Vivaldi integrates Proton VPN into the browser to fight web tracking (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-29 | CVE-2018-13383 | Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages. | 6.5 |