CISA Orders Feds to Patch FortiClient EMS Flaw by Thursday
CISA adds CVE-2026-35616 to KEV catalog with April 9 deadline for federal agencies. Nearly 2,000 FortiClient EMS instances remain exposed as exploitation continues.
12 articles tagged with "Fortinet"
CVE-2026-35616 lets attackers bypass API authentication in FortiClient EMS 7.4.5-7.4.6 for unauthenticated RCE. Exploitation began March 31. Emergency hotfixes available.
CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.
Fortinet's March 2026 security advisory addresses 11 vulnerabilities including auth bypass, SQL injection, and buffer overflow flaws affecting enterprise management products.
CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.
CVE-2026-24858 allows attackers with FortiCloud accounts to log into other organizations' FortiGate devices. Patches rolling out now.
Arctic Wolf reports automated attacks creating rogue admin accounts on supposedly patched FortiGate devices. Fortinet acknowledges incomplete fix.
CVE-2025-64155 in Fortinet's SIEM product enables unauthenticated command injection via phMonitor service. CVSS 9.4, patches now available.
From Fortinet to SonicWall, authentication bypass vulnerabilities share common traits. Understanding these patterns helps security teams prioritize patching.
A threat actor called RedTeam is selling a $1,500 credential-stuffing tool with built-in scanning, proxy rotation, and multi-protocol support aimed at enterprise VPN infrastructure.
CVE-2020-12812 allows attackers to bypass two-factor authentication on FortiGate devices by simply changing username case. Fortinet issued a fresh advisory on December 25.
Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.