As more employees work remotely, organizations have increasingly employed VPN solutions to ensure secure access to business environments. This has made VPNs a popular target for threat actors to exploit, with 45% of organizations experiencing at least one attack in the last 12 months.
The Pentera Labs team uncovered two CVEs that can lead to system privilege escalation and the decryption of sensitive information, which were then responsibly disclosed to Fortinet. Patches were issued in FortiClient version 7.4.1 and they are no longer exploitable.
WHAT IT COVERS
This 30-minute session with the Pentera researcher who revealed these vulnerabilities covers:
- A step-by-step walkthrough of how the zero-days were uncovered
- Key concepts for understanding the vulnerability
- Proper mitigation techniques and patching that can be put in place
Read the full research article to learn more.
.jpg)
