On February 8, 2024, Fortinet issued a security advisory regarding a critical remote code execution (RCE) vulnerability impacting FortiOS SSL VPN. The vulnerability, CVE-2024-21762, allows threat actors to run arbitrary code or commands via specially crafted HTTP requests. The FortiOS SSL VPN vulnerability potentially enables threat actors to execute several cyber attacks. Businesses running FortiOS SSL VPN should take immediate remediation steps.

Cybersecurity and Infrastructure Security Agency (CISA) added the FortiOS SSL VPN vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and announced attackers were actively exploiting it in the wild.

At the time of publication, CISA’s advisory cautioned that Fortinet had not provided additional details about attacks, but noted that threat actors often exploit vulnerabilities in Fortinet devices.

Fortinet also patched two separate critical RCE vulnerabilities the week of February 9, 2024, potentially creating confusion among businesses regarding which devices were vulnerable to which CVE.

What should policyholders do?

Businesses running FortiOS SSL VPN should immediately follow the vendor's guidance to patch their devices to the appropriate version. If they cannot immediately patch, they should instead disable ‘sslvpnd’ as a workaround. However, disabling ‘sslvpnd’ will make the VPN device unusable.

Coalition external scans cannot detect which firmware version a business is running. As a precautionary measure, we recommend taking impacted Fortinet devices offline until they have been updated to the newest version of FortiOS. Fortinet has provided instructions in their security advisory, which includes a complete list of impacted versions and what patches to apply.

Any policyholder with questions or concerns regarding their Fortinet device or the FortiOS SSL VPN vulnerability can contact our Security Support Center.

Insurance products referenced herein are offered by Coalition Insurance Solutions, Inc. (“CIS”), a licensed insurance producer with its principal place of business in San Francisco, CA (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies. A list of our admitted carriers is available here. Complete license information for CIS is available here. Insurance products offered through CIS may not be available in all states. All insurance products are governed by the terms and conditions set forth in the applicable insurance policy. Please see a copy of your policy for the full terms and conditions. Any information on this communication does not in any way alter, supplement, or amend the terms and conditions of the applicable insurance policy and is intended only as a brief summary of such insurance products. Policy obligations are the sole responsibility of the issuing insurance carrier. The descriptions provided herein are solely for informational purposes and are not to be construed as advice of any kind or the rendering of consulting, financial, legal, or other professional services from Coalition. Any action you take upon the information contained herein is strictly at your own risk.