Fortinet: Attackers can redirect VPN connections

Security updates close several vulnerabilities in FortiADC and FortiOS, among others. There have been no reports of attacks to date.


Several Fortinet products are vulnerable. Attackers can exploit vulnerabilities in FortiADC, FortiAnalyzer, FortiClientEMS, FortiClientWindows, FortiManager, FortiManager Cloud, FortiOS, FortiPAM, FortiProxy, FortiSASE and FortiWeb. In the worst-case scenario, malicious code can be executed.

As the security section of the Fortinet website shows, the majority of the vulnerabilities are classified as "medium" threat level. Admins will also find the patched versions listed there; reproducing the full list would exceed the scope of this article.

The most dangerous is an OS command injection vulnerability (CVE-2025-31104 / EUVD-2025-17797, CVSS 7.0, risk "high") in FortiADC. Because special elements in OS commands are insufficiently neutralized, authenticated attackers can inject and execute arbitrary commands via crafted HTTP requests.
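The vulnerability class named above, OS command injection, is easiest to understand from the pattern that causes it. The following is an added illustration, not Fortinet's code and not a reproduction of the FortiADC flaw: a hypothetical diagnostics handler that builds a shell command from an HTTP parameter (the unsafe form) next to a hardened version that allowlists the parameter and passes an argument vector without a shell. The parameter name, the inputs and the use of `echo` in place of a real network tool are assumptions made so that the example runs anywhere.

```python
"""OS command injection (CWE-78): vulnerable handler beside its hardened form.

Added example; not Fortinet's code and not the actual FortiADC bug.
"""
import re
import subprocess

# Constructed inputs (hypothetical): the value a diagnostics endpoint might
# receive as its "host" parameter from an authenticated user's HTTP request.
BENIGN_HOST = "example.com"
MALICIOUS_HOST = "example.com; echo INJECTED"   # ';' smuggles a second command

# A real handler would call something like ping; echo stands in so that the
# example is deterministic and needs no network access.
TOOL = "echo"


def vulnerable_run(host: str) -> str:
    """Unsafe pattern: a command string is assembled from user input and handed
    to the shell, so metacharacters in `host` are interpreted by /bin/sh."""
    cmd = f"{TOOL} pinging {host}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def argv_only_run(host: str) -> str:
    """First fix: no shell at all. The input becomes exactly one argv element,
    so ';' and friends lose their meaning (the output shows them literally)."""
    proc = subprocess.run([TOOL, "pinging", host], capture_output=True, text=True)
    return proc.stdout


# RFC-1123-style hostname allowlist: labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_hostname(host: str) -> bool:
    """Positive validation: accept only what a hostname may contain."""
    return bool(_HOSTNAME_RE.match(host))


def safe_run(host: str) -> str:
    """Hardened handler: allowlist the parameter, then run without a shell.
    Either layer alone neutralizes the injection; using both also stops
    option injection such as a host starting with '-'."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return argv_only_run(host)


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_run(MALICIOUS_HOST)))
    print("argv only: ", repr(argv_only_run(MALICIOUS_HOST)))
    print("hardened:  ", repr(safe_run(BENIGN_HOST)))
    try:
        safe_run(MALICIOUS_HOST)
    except ValueError as exc:
        print("hardened:  ", exc)
```

Run it and the vulnerable handler prints two lines, the second produced by the injected command; the argv-only version prints the metacharacters as plain text, and the hardened version refuses the input before any process is started.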

If attackers successfully exploit a vulnerability (CVE-2024-54019 / EUVD-2025-17801, CVSS 4.4, risk "medium") in FortiClientWindows, they can redirect VPN connections, for example via DNS spoofing. Such attacks are said to be possible without authentication.


FortiOS can be attacked via a vulnerability (CVE-2024-50562 / no EUVD, CVSS 4.4, risk "medium") that gives attackers unauthorized access to the SSL VPN portal. To do so, however, they must already be in possession of the corresponding cookie.

Fortinet's previous patch day was in mid-May. There, too, the manufacturer closed security vulnerabilities in various products from its portfolio. The most serious one affected FortiCamera, FortiMail, FortiNDR, FortiRecorder and FortiVoice and was already being exploited in the wild at the time.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.