In addition to patching our own products in rapid succession, our FortiGuard Labs team developed an IPS signature to thwart potential Heartbleed attacks. For users with existing Xtera AscenLink systems still using firmware below V7.1 with Xtera Serial Numbers (AAAA-BBBB-CCCC-DDDD), or any issues accessing Fortinet Support, please contact release dates for other products are pending. For AscenLink customers: A software fix for AscenLink will be available in version 7.1-B5745, which will be available on the support site at on Tuesday, April 15th. The release timeline for FortiADC E-series and Coyote Point products can be found in the following advisory: For FortiADC and Coyote Point customers: Updates will be provided for FortiADC D-Series on or before Wednesday April 16th. This vulnerability is fixed in FortiRecorder version 1.4.1. For FortiRecorder customers: An updated version of FortiRecorder software is now available on the Fortinet support site. Note that only FortiVoice 200D, 200D-T and VM products are affected. For FortiVoice customers: Software updates for affected FortiVoice products will be released on or before Wednesday April 16th. An update for FortiMail 4.3 will be released on Monday April 14th. This vulnerability is fixed in FortiMail versions 5.0.5 and 5.1.2. For FortiMail customers: Software updates for FortiMail 5.0 and 5.1 are now available at Please note that FortiOS 4.3 (4.0MR3) and lower are not affected by this vulnerability. This vulnerability is fixed in FortiOS version 5.0.7. For FortiGate customers: A software update for FortiOS 5 is available for download on the support site at.
Our team is well equipped to analyze, develop, deploy and refactor critical IPS signatures within 48 hours of any breaking attack. This process has been in place for nearly a decade. Our industry-leading security and threat researchers are well prepared to react to and protect our customers from threats such as Heartbleed, thanks to our existing critical update process.
Within hours of the discovery, our FortiGuard Labs product security (PSIRT) and security research teams began developing protections and releasing patches for a variety of Fortinet products. FortiADC D-Series models 1500D, 2000D and 4000D However, some of our product lines were affected. In fact, many of our products, such as our FortiWeb (WAF) products, were immune from day one. Not all Fortinet products were impacted by this bug. This vulnerability may allow an attacker to access sensitive information from memory by sending specially-crafted TLS heartbeat requests.ĭespite the media hype about this vulnerability, it is worth calling out the facts. By now, many of you have heard of the Heartbleed bug, which is a recently disclosed vulnerability that was discovered in OpenSSL versions 1.0.1 through 1.0.1f.
0 kommentar(er)
