Fortinet Community

Carl_Windsor_FTNT · 12-12-2022

Description This article describes how a critical heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote, unauthenticated attacker to execute arbitrary code or commands with specifically crafted requests. See the For...

Carl_Windsor_FTNT · 12-03-2020

Description Fortinet PSIRT Team has made extensive changes to the PSIRT Process in recent months and this documents the changes and how customers can receive updated on product vulnerabilities.FortiGuard Website.All Vulnerabilities are posted on the ...

Carl_Windsor_FTNT · 08-09-2019

Introducing FortiMail 6.2FortiMail 6.2.0 has been approved and is being distributed to the support site. This release adds several new features including: MS Office 365 Active Threat Remediation FortiMail can now perform post-delivery on-demand scan ...

Carl_Windsor_FTNT · 05-29-2018

FortiMail 6.0.0 is now released and has been distributed to the support site. This release adds several new features: URI Click ProtectionFortiMail rewrites selected links so that when a user clicks the link in the email message, the will be directed...

Carl_Windsor_FTNT · 07-25-2017

FortiMail 5.4 has been approved for release and will be uploaded to the support site in the next few hours.This version of FortiMail is a major rework focused on enhancing the GUI, removing the need for plugins and improving the configuration workflo...

Carl_Windsor_FTNT · 12-16-2021

Some additional debugging info from the FCT team if you want to dig into this further. It does require to reproduce the issue so no use after the fact. 1. register FCT to EMS2. after profile received, do the following changes to registry on the FCT:[...

Carl_Windsor_FTNT · 12-16-2021

This is network level detection so we are not logging the actual application that is triggering this. I recommend opening a ticked to see if there is more detail we can pull out of this for you. (DM me the ticket ID and I will have someone take a loo...

Carl_Windsor_FTNT · 12-16-2021

See: CVE-2021-44228 — Apache Log4j Vulnerability | Fortinet for more info. There are many ways this could have been triggered e.g. browsing to a web site with this set in the headers. Initiating a connection with these headers outbound. Also there ar...

Carl_Windsor_FTNT · 12-14-2021

Problem with this issue, the actual vulnerability can be behind the system being targetted (see the blog here). FortiGate has no way of knowing if the server is vulnerable or of there is log4j somewhere in the path, just that the payload has been sen...

Carl_Windsor_FTNT · 12-13-2021

Note that the IPS signature changed to Default Block as of IPS DB 19.217 See our blog and advisory for more detail.

Fortinet Community

User Statistics

User Activity

Technical Tip: [Critical vulnerability] Protect against heap-based buffer overflow in sslvpnd

PSIRT note: Fortinet PSIRT and Monthly PSIRT Advisories

Introducing FortiMail 6.2

Introducing FortiMail 6.0.0

Announcing FortiMail 5.4

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

Technical Tip: [Critical vulnerability] Protect ag...

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

PSIRT note: Fortinet PSIRT and Monthly PSIRT Advis...

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: CVE-2021-44228 Apache LOG4J vulnerability

Re: Migration from Postfix to FortiMail (Gateway m...

Re: Migration from Postfix to FortiMail (Gateway m...

Re: Fortimail 6.2.3 vs 6.2.2 vs 6.0.8?

Re: Introducing FortiMail 6.2

Fortinet Training Institute