FG-IR-24-015 (CVE-2024-21762) (CVSS 9.6) - Fortinet Fortigate firewall

..
Product Security Incident Response Team (PSIRT) advisory regarding our FortiOS. 

FG-IR-24-015: FortiOS - Out-of-bound Write in sslvpnd An out-of-bounds write vulnerability (CWE-787) in FortiOS could potentially allow a remote unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.




And also, the local in policy to enhance the SSL security should be considered:

Config firewall local-in-policy

Edit 4

Set intf "portx" (x is the port number for Public Internet)

Set srcaddr "trusted source IP"

Ste dstaddr "all"

Set action accept

Set service "SSLVPN_10443"

Set schedule "always"

Set status enable

Next

Edit 3

Set intf "portx" (x is the port number for Public Internet)

Set srcaddr "all"

Set dstaddr "all"

Set service "SSLVPN_10443"

Set action deny

Set schedule "always"

Set status enable

Next

end

There are several SSL VPN enhancements consideration:

For long term, you should plan for replace your SSL VPN to ZTNA:

Reference:






想在手機閱讀更多iPhone App資訊?下載【香港矽谷】Android應用
分享到Facebook
技術平台: Nasthon Systems