Bleeping Computer

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was ...
heise online

Exploit available: Patch FortiWeb vulnerability now!

On Thursday last week, Fortinet released security updates – the most serious vulnerability affects FortiWeb. Attackers can exploit an SQL injection vulnerability in non-updated systems. IT researchers ...
Bleeping Computer

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, ...
Threat Post

Unpatched Fortinet Bug Allows Firewall Takeovers

The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch this week. An unpatched OS command-injection security vulnerability has been disclosed ...
Dark Reading

Zero-Day Flaw Found in Fortinet's FortiWeb WAF Technology

Researchers at Rapid7 today disclosed a critical zero-day vulnerability in Fortinet's FortiWeb Web application firewall (WAF) technology that attackers can exploit to gain complete control of affected ...
SDxCentral

Fortinet Firewall, Web Apps Hit by Security Flaw

Threat researchers at Positive Technologies have discovered four security vulnerabilities affecting Fortinet's FortiWeb firewalls and web applications and is advising customers to update their ...
heise online

Patch now! Attacks on Fortinet IT security solutions may be imminent

Network admins who manage Fortinet IT security solutions should ensure that the latest updates are installed. Exploit code is currently making the rounds and attackers are very likely to attack ...