Posted by Kevin Davis - February 25, 2022 - Alert, Vulnerability
Fortinet announced a vulnerability affecting the FortiGate SSLVPN. While this vulnerability has been determined to be difficult to exploit, it provides a mechanism for an attacker to potentially execute arbitrary code; more information can be found here. The specifics of the CVE involved can be reviewed by searching for the CVE number, and a brief description is below.
- CVE-2021-26109: SSL VPN vulnerability (Patched in 6.0.13, 6.2.10, 6.4.6, and 7.0.1)
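To see which devices still need the update, the following added example (not SymQuest or Fortinet code) compares firmware version strings against the fixed releases listed above. The device names and versions in `SAMPLE` are constructed, and branches the alert does not list are reported as such rather than guessed.

```python
import re

# Fixed releases per FortiOS branch, exactly as listed in this alert.
PATCHED = {(6, 0): 13, (6, 2): 10, (6, 4): 6, (7, 0): 1}

# Matches "6.2.9" or "v6.2.9" anywhere in a line of text.
_VERSION = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def triage(version_text):
    """Classify one firmware string against the alert's fixed releases.

    Returns "patched", "needs-upgrade", "branch-not-listed" or "unparsed".
    """
    m = _VERSION.search(version_text)
    if m is None:
        return "unparsed"
    # Compare as integers: as plain strings, "6.2.10" would sort before "6.2.9".
    major, minor, patch = (int(g) for g in m.groups())
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        # The alert names no fixed release for this branch, so do not guess.
        return "branch-not-listed"
    return "patched" if patch >= fixed else "needs-upgrade"


def upgrade_list(inventory):
    """Return sorted device names whose firmware is not confirmed patched."""
    return sorted(name for name, ver in inventory.items()
                  if triage(ver) != "patched")


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE = {
    "fw-hq": "FortiGate-100F v6.4.5",
    "fw-branch1": "v6.2.10",
    "fw-branch2": "6.0.9",
    "fw-lab": "v7.0.1",
    "fw-old": "v5.6.12",
    "fw-unknown": "n/a",
}

if __name__ == "__main__":
    for name, ver in sorted(SAMPLE.items()):
        print(f"{name:12} {ver:24} {triage(ver)}")
```

Devices reported as `branch-not-listed` or `unparsed` need a manual check against Fortinet's advisory, since this alert gives no fixed release for them.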
Because of the nature of this vulnerability, SymQuest recommends updating FortiGate firmware to a non-impacted version. If you have a FortiGate and would like us to perform this update for you, it will be done on a time and material basis during the upcoming maintenance windows listed below. The estimated time for this work depends on the currently running firmware version and will range from 1 - 2 hours in most cases.
Monday, January 17th, 2022 - Wednesday, January 19th, 2022
11AM - 1PM EST
9PM - 11PM EST
Upgrade FortiGate firmware to address critical SSLVPN vulnerability as explained here.
The upgrade process will result in one or more instances of approximately 10 - 15 minutes of downtime during the maintenance window.
If you choose to have SymQuest perform this work, please open a support request and state "Please update Fortigate(s) on [choose a date and window of business hours or after hours from the above options]" and we will be happy to update your firmware for you. Rates for this work will be contracted service rates. After-hours rates will apply if you choose a time that is outside 8:00 am - 5:00 pm Monday - Friday, or on a holiday.