Security News

90 readers

1 users here now

founded 2 years ago

MODERATORS

jerry@infosec.pub

Fortinet tries to silently patch critical RCE, researches burn it (www.bleepingcomputer.com)

submitted 1 year ago by execveat@infosec.pub to c/securitynews@infosec.pub

2 comments fedilink hide all child comments

Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.

top 2 comments

sorted by: hot top controversial new old

[–] execveat@infosec.pub 2 points 1 year ago

With all of the embarrassing command injections they keep getting, Fortinet should assess their SOC and incident preparedness and find compromises that may lie hidden by calling their own Security Advisory Services.

[–] foggenbooty@lemmy.world 2 points 1 year ago

Update 6/11/23 06:01 PM ET: Fortinet has said that the new vulnerability, CVE-2023-27997, may have been exploited in attacks against government, manufacturing, and critical infrastructure.

Well, that's not good... this will be interesting to watch. We don't currently use Fortinet products but we are looking at them for our next refresh.