Exploring a VPN Appliance: A Researcher’s Journey

Ben Barnea is a Security Researcher at Akamai with interest and experience in conducting low-level security research and vulnerability research across various architectures, including Windows, Linux, IoT, and mobile. He enjoys learning how complex mechanisms work and, more important, how they fail.

As VPNs are a gateway into the organization's network, vulnerabilities in those appliances have a major impact on organizations.

Akamai researcher Ben Barnea found multiple vulnerabilities in Fortinet’s FortiOS.

An unauthenticated attacker can trigger vulnerabilities that may lead to DoS and RCE.

The DoS vulnerability is easy to exploit and causes the FortiGate appliance to be nonfunctional.

We assume that the RCE vulnerability is difficult to exploit.

The vulnerabilities were responsibly disclosed to Fortinet, and were assigned CVE-2024-46666 and CVE-2024-46668.…