SymQuest Network Alerts

FortiGate SSLVPN Vulnerability

Written by Kevin Davis | February 25, 2022

Fortinet has announced a vulnerability in the FortiGate SSLVPN. Although this vulnerability has been determined to be difficult to exploit, it gives an attacker a potential mechanism to execute arbitrary code; more information can be found here. The specifics can be reviewed by searching for the CVE number, and a brief description follows.

- CVE-2021-26109: SSL VPN vulnerability (Patched in 6.0.13, 6.2.10, 6.4.6, and 7.0.1)
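
To sort units into those that need the update and those that do not, the check below compares running FortiOS versions against the patched releases listed above. It is an added example, not SymQuest or Fortinet code; it assumes each listed release is the first fixed one in its major.minor branch, and the hostnames and version strings are constructed sample data.

```python
import re

# Patched releases per branch, taken from the advisory text above.
# Assumption: each is the first fixed release in its major.minor branch.
PATCHED = {(6, 0): 13, (6, 2): 10, (6, 4): 6, (7, 0): 1}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def classify(version_text):
    """Return 'patched', 'update', or 'unknown' for a FortiOS version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unknown"  # unparseable: needs a manual look
    major, minor, patch = map(int, m.groups())
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        return "unknown"  # branch not named in the advisory; do not guess
    return "patched" if patch >= fixed else "update"


def triage(inventory):
    """Group hostnames by status. `inventory` maps hostname -> version text."""
    report = {"update": [], "patched": [], "unknown": []}
    for host, text in sorted(inventory.items()):
        report[classify(text)].append(host)
    return report


# Constructed sample inventory (hostnames and version strings are made up).
SAMPLE = {
    "fw-branch-01": "v6.0.12",
    "fw-branch-02": "v6.2.10",
    "fw-hq-01": "FortiGate-100F v6.4.5,build1828 (GA)",
    "fw-hq-02": "7.0.1",
    "fw-lab-01": "v5.6.14",
    "fw-lab-02": "not reported",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:8} {', '.join(hosts) or '-'}")
```

Units reported as `unknown` run a branch the advisory does not name, or returned a version that could not be parsed, and need to be checked by hand.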

Because of the nature of this vulnerability, SymQuest recommends updating FortiGate firmware to a non-impacted version. If you have a FortiGate and would like us to perform this update for you, we will do so on a time and material basis during the upcoming maintenance windows listed below. The estimated time for this work depends on the currently running firmware version and will range from 1 to 2 hours in most cases.