Fortinet’s week: a forgettable glance

Fortinet, a major cybersecurity company, had a week filled with security vulnerabilities, disclosure mishaps, and a toothbrush DDoS attack claim. The week started with the disclosure of two critical security vulnerabilities in FortiSIEM, which were mistakenly linked to a previous advisory and then later confirmed to be new vulnerabilities. The company took more than 73 hours to issue an official response, which was considered unprofessional. In addition to this, a critical security vulnerability in FortiOS, impacting its SSL VPN, was disclosed. This vulnerability allows remote unauthenticated attackers to achieve code execution and is believed to have already been exploited as a zero-day. Fortinet has urged users to patch vulnerable VPNs as soon as possible. The company was also tangled in a toothbrush DDoS attack claim, which turned out to be a hypothetical situation that was misinterpreted by the media. Overall, Fortinet’s week was plagued with security issues and mishandled disclosures.