We want to draw your attention to critical vulnerabilities discovered in security software widely used by SMEs worldwide. It is essential for users of the software to update it to avoid being at risk. We strongly recommend informing your customers of this problem if they are unaware.
FortiOS or FortiProxy users should immediately update their software to apply a fix for a critical Remote Code Execution (RCE) bug. You can find out more information here. The latest software versions are:
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.11 or above
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.10 or above
Vulnerabilities have also been found in SonicWall software, including its Global Management System (GMS) firewall management software and its Analytics network reporting engine software.
Recently, SonicWall released fixes for the 15 bugs discovered. These bugs affect the on-premises versions of GMS 9.3.2-SP1 and earlier and Analytics 220.127.116.11-R7 and earlier. You can find out how to implement the patches here.
Four of the vulnerabilities are deemed critical and could be exploited by hackers to access data held within the application.
Are your customers at risk?
Our cyber risk monitoring solution, Breach Check, scans businesses for cyber risks, including known software vulnerabilities, to detect threats early.
Companies often fall victim to preventable ransom attacks. Breach Check has predicted hundreds of these attacks up to 800 days in advance.
Sign up for a free trial of Breach Check today to scan your clients and prospects to check if they've been affected.
Need more information?
If you have any questions or would like advice from our team concerning these threats, please contact us; we’d be more than happy to help.
The DynaRisk Intelligence Team