1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Fortinet patches FortiGate Firewall vulnerabilities that allowed

    From TechnologyDaily@1337:1/100 to All on Monday, March 16, 2026 12:45:32
    Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials

    Date:
    Mon, 16 Mar 2026 12:30:00 +0000

    Description:
    Three bugs were recently fixed, all three with a critical severity score.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Get the TechRadar Newsletter Sign up for
    breaking news, reviews, opinion, top tech deals, and more. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful An account already exists for this email address, please log in. Subscribe to our newsletter SentinelOne reports FortiGate NGFW flaws exploited in early 2026 Three critical bugs (CVE-2025-59718, -59719, -2026-24858) enabled admin access and persistence Fortinet issued patches; firms urged to rotate credentials, enforce strong controls, and monitor for lateral movement At the start of the year, cybercriminals were exploiting three vulnerabilities in FortiGate Next-Generation Firewalls (NGFW) to establish persistence and move laterally throughout the network. All recorded attacks were stopped before they could
    do any meaningful harm, and FortiGate has since issued patches to mitigate
    the risk.

    Between December 2025 and February 2026, security researchers SentinelOne observed multiple attacks leveraging three distinct vulnerabilities. The
    first two are tracked as CVE-2025-59718 and CVE-2025-59719 (severity score 9.8/10), and both are rooted in improper verification of cryptographic signatures. These allow unauthenticated attackers to send a crafted SAML
    token and thus gain administrative access to FortiGate devices without valid credentials. The third one is tracked as CVE-2026-24858, also with a severity score of 9.8/10 (critical). It was abused as a zero-day in early 2026, allowing attackers to log into FortiGate devices using an entirely different account. Article continues below You may like Fortinet FortiGate devices hit in automated attacks which create rogue accounts and steal firewall data Fortinet products hit by further security flaws - giving hackers access to systems and more Palo Alto patches a worrying security issue which could
    crash your firewall without even logging in Responding to news CVE-2025-59718 was added to CISAs Known Exploited Vulnerabilities (KEV) catalog in late January, 2026.

    In response to the reports, Fortinet first suspended FortiCloud SSO, and
    after that released a firmware patch. SentinelOne added that besides applying the patch, businesses should take a number of steps to secure their infrastructure. That includes rotating all LDAP and AD credentials associated with FortiGate appliances (especially if they suspect having been breached), enforcing strong admin access controls, replacing weak and default
    credentials for network edge devices, and monitoring for unauthorized local admin account creation.

    Finally, businesses should audit mS-DS-MachineAccountQuota settings to restrict unauthorized workstations joining to the domain, and should make
    sure EDR telemetry from servers adjacent to the NGFW is actively monitored.

    Fortinet is a rather popular maker of business network gear, and as such is often targeted by cybercriminals. Usually, firewalls are among the first
    lines of defense, which is why organizations are advised to patch diligently. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Via Cybersecurity News The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fortinet-patches-fortigate-firewall-vul nerabilities-that-allowed-hackers-to-steal-enterprise-credentials


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)