Intro

BlackHat 2019 was interesting from a network-security engineer perspective. Fortinet was a Platinum Plus Sponsor, so there was a possibility to attend live demos and see devices in action. Apart from that, there was also a presentation of Attacking SSL VPN. Targets were: Pulse Secure and Fortinet SSL VPN. Vulnerabilities are:

The biggest issue is that the source code is available online and can be used by anyone, even script-kiddies. Without a deep IT knowledge, some noobie can compromise affected network.

Affected Products:

  • FortiOS 6.0.0 to 6.0.4
  • FortiOS 5.6.0 to 5.6.8
  • FortiOS 5.4.1 to 5.4.10

Affected Feature:

  • SSL-VPN in both tunnel and portal mode
  • Upgrade to FortiOS 5.4.11, 5.6.9, 6.0.5, 6.2.0 or above

Summary:

If you are using SSL-VPN and are running affected FortiOS version, please schedule upgrades immediately. I also recommend watching video demo to be aware how easy it is to use that vulnerability against SSL-VPN.

Reading: