A new critical vulnerability has been discovered in FortiOS and FortiGate VPNs that could allow an attacker to gain access to sensitive information and take control of affected systems. The vulnerability, tracked as CVE-2023-3839, exists in the SSL VPN functionality of the products and can be exploited by an unauthenticated attacker.
The flaw lies in the way the SSL VPN function handles user authentication requests. An attacker could send a specially crafted request to the VPN server, leading to the execution of arbitrary code with root privileges.
Fortinet, the vendor behind the affected products, has released a security update to address the issue. Users are urged to apply the patch as soon as possible to protect their systems from potential exploitation.
This vulnerability highlights the importance of keeping software and systems up-to-date with the latest security patches to prevent potential cyberattacks.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.