Network Alerts

FortiGate SSLVPN Vulnerability

Posted by Kevin Davis - February 25, 2022 - Alert, Vulnerability

About the Alert

Fortinet announced a vulnerability in the FortiGate SSLVPN. Although this vulnerability has been determined to be difficult to exploit, it gives an attacker a potential mechanism to execute arbitrary code; more information can be found here. The specifics of the CVE involved can be reviewed by searching for the CVE number, and a brief description is given below.

- CVE-2021-26109: SSL VPN vulnerability (Patched in 6.0.13, 6.2.10, 6.4.6, and 7.0.1)

Because of the nature of this vulnerability, SymQuest recommends updating FortiGate firmware to a non-impacted version. If you have a FortiGate and would like us to perform this update for you, it will be done on a time and material basis during the upcoming maintenance windows listed below. The time estimated for this work depends on the currently running firmware version and will range from 1 - 2 hours in most cases.
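To decide which units need the update, the patched releases listed above can be checked against a firmware inventory. The following is an added example, not part of the original alert and not Fortinet or SymQuest tooling; the device names and version strings are constructed, and a branch the alert does not list is reported as such rather than judged.

```python
import re

# First patched release on each FortiOS branch, as listed in the alert.
PATCHED = {(6, 0): 13, (6, 2): 10, (6, 4): 6, (7, 0): 1}

# Matches a three-part version such as "6.2.9" or "v6.2.9" but not an IPv4 address.
VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")


def triage(version_text):
    """Return (status, minimum_target) for one firmware version string.

    status is 'patched', 'needs-update', 'branch-not-listed' or 'unparsed';
    minimum_target is set only for 'needs-update'.
    """
    match = VERSION_RE.search(version_text)
    if match is None:
        return ("unparsed", None)
    major, minor, patch = (int(part) for part in match.groups())
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        # The alert names no fixed release for this branch, so make no claim.
        return ("branch-not-listed", None)
    if patch >= fixed:
        return ("patched", None)
    return ("needs-update", f"{major}.{minor}.{fixed}")


def triage_inventory(inventory):
    """Apply triage() to a {device_name: version_text} mapping."""
    return {name: triage(text) for name, text in inventory.items()}


# Constructed inventory: device names and version strings are made up.
SAMPLE_INVENTORY = {
    "branch-fw-01": "FortiGate-60E v6.2.9",
    "branch-fw-02": "FortiGate-60E v6.2.10",
    "hq-fw-01": "v6.4.5",
    "hq-fw-02": "7.0.1",
    "lab-fw-01": "v5.6.12",
    "dr-fw-01": "mgmt 10.0.0.1, version not recorded",
}

if __name__ == "__main__":
    for device, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        note = f" -> update to at least {target}" if target else ""
        print(f"{device}: {status}{note}")
```

Devices reported as `branch-not-listed` or `unparsed` need a manual check against the vendor advisory, since the alert gives no fixed release for them.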

Key Takeaways:

  • This vulnerability allows attackers to potentially execute arbitrary code
  • We recommend updating the FortiGate firmware to a non-impacted version
  • Updating the firmware will take 1-2 hours

FortiGate SSLVPN Notification:

Dates Scheduled:

Monday, January 17th, 2022 - Wednesday January 19th, 2022

Business Hours:

11AM - 1PM EST

After Hours:

9PM - 11PM EST

Description:

Upgrade FortiGate firmware to address critical SSLVPN vulnerability as explained here.

The upgrade process will result in one or more instances of approximately 10 - 15 minutes of downtime during the maintenance window.

Requesting the Update

If you choose to have SymQuest perform this work, please open a support request and state "Please update FortiGate(s) on [choose a date and window of business hours or after hours from the above options]" and we will be happy to update your firmware for you. Rates for this work will be contracted service rates; after-hours rates will apply if you choose a time that is outside 8:00 am - 5:00 pm Monday - Friday, or a holiday.
