Upcoming Advisories172 Zero-Day Vulnerabilities Discovered since 2006
144 Vulnerabilities Disclosed & Patched
28 Remain in Zero-Day State Unpatched
|FG-VD ID||Affected Vendors||Risk||Reported Date|
|FG-VD-15-024||Foxit Software||4 High||03/25/2015|
|FG-VD-15-019||Zabbix SIA||3 Medium||03/09/2015|
|FG-VD-15-016||PCRE Library Project||4 High||02/27/2015|
|FG-VD-15-015||PCRE Library Project||5 Critical||02/26/2015|
|FG-VD-15-007||F5 Networks||3 Medium||01/26/2015|
FortiGuard protects against zero-day threats and APTs by providing proactive IPS detection well in advance of patches or updated provided by the vulnerable vendor(s). Listed are notifications of vulnerabilities we believe to be in a zero-day state after discovering and reporting to the affected vendor(s). Entries will only be listed once the vendor has confirmed, or we have not had a response from the vendor after four weeks. Only high level details are presented here since the vulnerability is still zero-day.
FortiGuard Labs actively research and discover zero-day vulnerabilities in products which are likely candidates that a hacker would also uncover. Once the flaw is discovered, it is confidentially disclosed to the affected vendor(s) under our Responsible Disclosure protocols. Our team proactively discovers these with the following goals:
1) Protect our customers via zero-day IPS for the zero-day flaws that we exclusively uncover. Since FortiGuard Labs discovers the Proof of Concept (POC), we can create protection well in advance before a vendor patch / update is available. It's an effective and important component of Advanced Persistent Threat protection.
2) Notify the vendor(s) immediately via PSIRT so that they may plan to patch the hole and protect their clients.
3) Reduce the number of holes that malicious attackers may find, adding resistance to their efforts.