Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
FR-IR-23-390: FortiClientEMS – CSV injection in log download feature
FR-IR-23-328: FortiOS, FortiProxy – Out-of-bounds Write in captive portal
FR-IR-24-013: FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks
FR-IR-23-103: FortiWLM MEA for FortiManager – Improper access control in backup and restore features
FR-IR-24-007: Pervasive SQL injection in DAS component
CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.