ADVISORIES | August 7, 2024

IOActive Security Advisory | PLANET Networking – Vulnerabilities Identified

Affected Product

  • IGS-4215-16T2S

Firmware Version

  • 1.305b210528

Background

IOActive had access to the IGS-4215-16T2S device and identified three vulnerabilities that need attention.

Timeline

  • 2022-09-29: IOActive discovers the vulnerabilities
  • 2023-03-29: IOActive informs Planet Technology about the identified vulnerabilities
  • 2023-12-13: Planet releases a new firmware version (1.305b231218) and informs IOActive that the vulnerabilities are fixed
  • 2024-01-09: IOActive reports the vulnerabilities to INCIBE, the Spanish CERT
  • 2024-02-16: IOActive confirms that the vulnerabilities were fixed after retesting them in the new firmware version
  • 2024-03-21: INCIBE shares the assigned CVEs with IOActive
  • 2024-08-07: IOActive advisory published
  • NOTE: At the time of publishing this disclosure, IOActive had retested version FW-IGS-4215-16T2S_v1.305b231218.bix with hash 6e4ea892dc0d203c83ff02a2cba13e83. This version had the fixes. PLANET Technology has published a firmware, FW-IGS-4215-16T2S_v1.305b240227.bix, with the hash abe64b8a62ebf339fb404fd85c0081b. They reported that the findings have been fixed in this version. IOActive has not reviewed this firmware.

ADVISORIES | July 25, 2024

IOActive Security Advisory | Fortinet FortiGate – Cross-site Scripting in SSL VPN

Affected Products

Version        | Affected
FortiOS 7.4    | 7.4.0 through 7.4.3
FortiOS 7.2    | 7.2.0 through 7.2.7
FortiOS 7.0    | 7.0.0 through 7.0.13
FortiOS 6.4    | 6.4 all versions
FortiProxy 7.4 | 7.4.0 through 7.4.3
FortiProxy 7.2 | 7.2.0 through 7.2.9
FortiProxy 7.0 | 7.0.0 through 7.0.16


Background

Fortinet, Inc. (Fortinet) is a global leader of cybersecurity solutions and services that provides protection against cyber threats. It is a company that develops and sells security products and solutions, such as firewalls, endpoint security, intrusion prevention systems, web filtering, antivirus, sandbox, and VPN.

FortiGate is a network security device that provides protection against cyber threats. The device can perform various functions, such as firewall, intrusion prevention system, web content filtering, antivirus, sandbox, and VPN. It is part of the Fortinet Security Fabric, which integrates different security products and services into a unified and automated platform.


Timeline

  • 2023-11-16: IOActive discovers the vulnerability
  • 2023-11-22: IOActive informs Fortinet about the identified vulnerability
  • 2024-01-12: Fortinet acknowledges the issue
  • 2024-04-26: CVE ID pre-reserved by Fortinet
  • 2024-07-10: Advisory published by Fortinet
  • 2024-07-25: IOActive advisory published