US-CERT Issues Alert on Fortinet Security Advisory to Highlight Vulnerability in Firmware

August 23, 2016

The United States Computer Readiness Team (US-CERT) has issued an alert regarding a security advisory by Fortinet to highlight a vulnerability in versions of FortiGate firmware that were released before August 2012.

Cookie Parser Buffer Overflow Vulnerability

According to Fortinet, FortiGate firmware (FOS) released before Aug 2012 has a cookie parser buffer overflow vulnerability. This vulnerability, when exploited by a crafted HTTP request, can result in execution control being taken over. The risk level has been categorized as high (4) and the affected products are listed below.

FortiGate (FOS):

4.3.8 and below

4.2.12 and below

4.1.10 and below

Affected firmware versions are lower versions of 4.x firmware release. FOS 5.x firmware is Not affected, according to Fortinet.

Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Using unpatched software increases risks from viruses and other security threats, and attackers may target vulnerabilities for months or even years after patches are available, said US-CERT.

US-CERT Issues Alert on Fortinet Security Advisory to Highlight Vulnerability in Firmware

Cyber Attacks Target US, European Energy Sectors – Symantec

U.S. Attorney’s Office Releases Tips For Protecting Children From Online Predators During COVID-19

RELATED ARTICLESMORE FROM AUTHOR

Pennsylvania Cyber Attack Causes Disruption to State Courts Website

Much Ado About Zero Trust

DOE Investing $12M to Enhance Cybersecurity of Energy Systems

Cyber Attacks Target US, European Energy Sectors – Symantec

U.S. Attorney’s Office Releases Tips For Protecting Children From Online Predators During COVID-19

RELATED ARTICLES MORE FROM AUTHOR