all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiOS - Fortilink lack of certificate validation

Add to bookmarks
Feb. 8, 2024, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a Man-in-the-Middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.

attacker certificate channel communication cwe device fortios instance man-in-the-middle may unauthenticated validation vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 2 weeks, 5 days ago | fortiguard.fortinet.com
attacker cwe disclaimer may +8
Exposure of password hashes to read-only admin 2 weeks, 5 days ago | fortiguard.fortinet.com
admin control cwe data +11
Double free with double usage of json_object_put 2 weeks, 5 days ago | fortiguard.fortinet.com
attacker code commands cwe +9
Format String Bug in cli command 2 weeks, 5 days ago | fortiguard.fortinet.com
amp arbitrary code arbitrary code execution attacker +19
Client IP relies on X-Forwarded-For and other headers 2 weeks, 5 days ago | fortiguard.fortinet.com
attack bypass client cwe +10
Buffer overflow in administrative interface 2 weeks, 5 days ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13
Code injection in playbook code snippet step 2 weeks, 5 days ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +7
Client-side enforcement of server-side security related to customer reports features 2 weeks, 5 days ago | fortiguard.fortinet.com
access account attacker client +16
HTTP/2 CONTINUATION Frames Vulnerability 2 weeks, 5 days ago | fortiguard.fortinet.com
attack can connection crash +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com