Over the past 60 days, I have observed scanning activity to discover FortiGate SSL VPN unpatched services. Fortinet has fixed several critical vulnerabilities in SSL VPN and web firewall this year from Remote Code Execution (RCE) to SQL Injection, Denial of Service (DoS) which impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products [1][2]. Two weeks ago, US-CERT [4] released an alert re-iterating that APT actors are looking for Fortinet vulnerabilities to gain access to networks. Additional information to look for signs of this activity available here. Fortinet Scanning Activity
20210611-053716: 192.168.25.9:8443-203.159.80.226:58521 data [1] https://www.fortiguard.com/psirt?date=01-2021 ----------- |
Guy 523 Posts ISC Handler Jun 12th 2021 |
Thread locked Subscribe |
Jun 12th 2021 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!