We have completed patching of Fortinet Firewalls for all of our SecureNET clients early this evening. We have now also completed manual patching of all MSA Clients Firewalls.
We have further notified all other clients of the potential impacts, we will continue to monitor this situation over the weekend.
Posted Feb 09, 2024 - 22:54 NZDT
Update
We have formulated a Response to this Critical Incident.
We will be issuing the recommended Firmware updates to all SeucreNET clients from 7.00pm tonight. We will also additionally be issuing manual updates to all of our MSA agreement clients throughout the night.
There may be a brief outage during these updates, we apologize for any inconvenience this may cause however this update cannot be delayed.
Posted Feb 09, 2024 - 17:17 NZDT
Identified
We are aware of multiple new Critical Vulnerabilities in the Fortinet Firewall products.
We have been notified of CVE-2024-21762 and CVE-2024-23113 affecting FortiOS SSL VPN. Fortinet is aware of potential exploitation of CVE-2024-21762 in the wild.
We are presently formulating our response to this and expect to be issuing firmware updates or mitigations as soon as possible.