Conversation

Fortinet published their July advisories. Nothing huge stands out but they always have some weird shit.

https://www.fortiguard.com/psirt

For example:

https://www.fortiguard.com/psirt/FG-IR-24-053

An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy may allow a remote unauthenticated user to bypass the DNS filter via Apple devices.

and

https://www.fortiguard.com/psirt/FG-IR-24-035

An insufficient session expiration vulnerability [CWE-613] in FortiSandbox & FortiIsolator may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted.

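What the FG-IR-24-035 description amounts to in code, as an added example that is not part of the post above and not Fortinet's code: a session store that only checks the cookie and its TTL keeps honouring an admin's session after the account is deleted (CWE-613), next to one that revokes the user's sessions at deletion time and re-checks that the principal still exists on every request. `UserStore`, `VulnerableSessions`, `HardenedSessions`, `delete_admin` and `demo` are hypothetical names written for this illustration.

```python
"""Added example, not from the thread or from Fortinet: how a CWE-613
"insufficient session expiration" bug of the kind described above arises,
next to a session store that closes it. All class and function names here
are hypothetical."""
import secrets
import time


class UserStore:
    """Minimal account table (constructed for the example)."""

    def __init__(self):
        self.users = {}

    def create(self, username, role):
        self.users[username] = {"role": role}

    def delete(self, username):
        self.users.pop(username, None)

    def exists(self, username):
        return username in self.users


class VulnerableSessions:
    """Cookie-only lookup: once issued, a session is honoured until its TTL
    runs out, even if the account behind it has since been deleted."""

    def __init__(self, users, ttl=3600):
        self.users = users
        self.ttl = ttl
        self.sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": username, "expires": time.time() + self.ttl}
        return token

    def authorize(self, token):
        s = self.sessions.get(token)
        if s is None or s["expires"] < time.time():
            return None
        return s["user"]  # never asks whether this user still exists


class HardenedSessions(VulnerableSessions):
    """Two fixes, both needed: eager revocation when the account is deleted
    (so nothing lingers in the store) and a per-request liveness check of
    the principal (covers replicas or caches that missed the revocation)."""

    def revoke_user(self, username):
        stale = [t for t, s in self.sessions.items() if s["user"] == username]
        for token in stale:
            del self.sessions[token]

    def authorize(self, token):
        user = super().authorize(token)
        if user is None or not self.users.exists(user):
            self.sessions.pop(token, None)  # drop the stale session as well
            return None
        return user


def delete_admin(users, sessions, username):
    """Account-deletion flow that revokes sessions when the store supports it."""
    if hasattr(sessions, "revoke_user"):
        sessions.revoke_user(username)
    users.delete(username)


def demo():
    """Returns (vulnerable_result, hardened_result): what each store answers
    for a stolen admin cookie after that admin account has been deleted."""
    results = []
    for store_cls in (VulnerableSessions, HardenedSessions):
        users = UserStore()
        users.create("admin", "super_admin")
        sessions = store_cls(users)
        cookie = sessions.login("admin")  # the attacker holds a copy of this
        delete_admin(users, sessions, "admin")
        results.append(sessions.authorize(cookie))
    return tuple(results)


if __name__ == "__main__":
    print(demo())  # ('admin', None)
```

The per-request existence check is the part worth keeping even when revocation is in place: in a clustered product the node that handled the deletion is not necessarily the one holding the session, so eager revocation alone can still leave a usable admin session somewhere.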
@cR0w CWE-613 -> someone thought it's a good idea to run a 3-day pentest on a commercially available product, then demanded support to fix all Lows

@buherator Yeah, it's not a bad one but reported internally by Leslie Zhou of Fortinet Vulnerability Research team. Definitely different than I'm used to seeing from Fortinet but if this is the worst of it, it's a good month for them.

@cR0w Oh, that's surprising, thanks for clarifying for me! Still, my concern is given their track record I'm not sure the priorities are right.