Security News > 2023 > June > Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now
Fortinet has released new Fortigate firmware updates that fix an undisclosed, critical pre-authentication remote code execution vulnerability in SSL VPN devices.
While not mentioned in the release notes, security professionals and admins have hinted that the updates quietly fixed a critical SSL-VPN RCE vulnerability that would be disclosed on Tuesday, June 13th, 2023.
Fortinet is known to push out security patches prior to disclosing critical vulnerabilities to give customers time to update their devices before threat actors reverse engineer the patches.
Today, additional information was disclosed by vulnerability researcher Charles Fol, who told BleepingComputer that the new FortiOS updates include a fix for a critical RCE vulnerability discovered by him and Rioru.
Fol confirmed to BleepingComputer that this should be considered an urgent patch for Fortinet admins as its likely to be quickly analyzed and discovered by threat actors.
Fortinet devices are some of the most popular firewall and VPN devices in the market, making them a popular target for attacks.
News URL
Related news
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)