Looking Back at Fortinet’s Security Research and Vulnerability Discoveries

Credit to Author: Peixue Li | Date: Tue, 21 Feb 2017 14:31:33 -0800

In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their vendors. As a result, Fortinet products have been able to proactively protect Fortinet customers’ networks and systems against zero-day attacks targeting these vulnerabilities long before vendor patches for them became available.

Of the 84 vulnerabilities we have discovered, vendors have patched 41 of them, 24 have been confirmed and are being patched by the vendors, and vendors are currently investigating 19 of them. See Figure 1 below.

Figure 1. Vulnerabilities categorized by status

You can find all of the patched vulnerabilities by clicking here and searching for "FG-VD-16". Clicking here and searching for "FG-VD-16" will let you find the unpatched vulnerabilities. Looking through the vulnerability list you will find that vulnerable products include products from large tech companies such as Microsoft, IBM, Google, and Adobe.

When evaluating the severity of these 84 vulnerabilities, we rated 14 of them as Critical, 45 of them as High, 22 of them as Medium, and 3 of them as Low. See Figure 2, below.

Figure 2. Vulnerabilities categorized by severity

To help users better understand the root cause and risks of these vulnerabilities, Fortinet security researchers have written a number of deep analysis reports and posted them in Fortinet security research blogs. You can read these reports by selecting the following links:

As a security development and research company, protecting our customers in a proactive way is our highest goal, which is why we have dedicated so many security research team members and resources to uncovering vulnerabilities in widely used products. The more potential threats we can discover, the more protections we can add to our products, allowing us to better protect our customers against zero-day attacks.

 
