Fortinet squashes hijack-my-VPN bug in FortiOS gear

Fortinet has patched a critical bug in its FortiOS and FortiProxy SSL-VPN that can be exploited to hijack the equipment. The remote code execution vulnerability, tracked as CVE-2023-27997, was spotted and disclosed by Lexfo security analysts Charles Fol and Dany Bach. Fortinet has warned the bug looks to have been exploited …

  1. razorfishsl

    Fortinet is garbage kit... it's the Australian version of TP-LINK.

    There are all sorts of problems, right from their earliest implementations. We battled with endless bugs, strange behavior, 1980's version GUI, and in the end we dropped their kit completely, due to their attitude of, well, we shipped buggy OS but you still have to pay, despite the bug being there from years before your support contract ended.

    ALL companies should be responsible for "free fixes" to their kit, if bugs existed, it's time we grew up and stopped allowing companies to get away with this endless bullshit of

    "well you need a support contract before we will give you the fixes for our own mistakes"

  2. Darkk

    The biggest issue I have with Fortinet is that they're releasing FortiOS with new features before it's ready. Now we have like 4 trains of FortiOS and all of them have bugs one way or another. Lucky for us, I turned off SSL-VPN back in December when Fortinet tech support refused to issue a patch on an older FortiOS V6.0, as I wasn't ready to upgrade from V6 to V7. Ironically enough, they did release a patched version of FortiOS v6.0 the other day for this vulnerability, which I was able to apply.

    If Fortinet keeps this up, and with the ever-higher prices of their security subscriptions, I will be forced to look for alternatives.

    I've deployed several Netgate pfSense appliances for remote offices and been happy with them. I use pfSense at home as well, on a repurposed Dell desktop PC.

