Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
FR-IR-23-390: FortiClientEMS – CSV injection in log download feature
FR-IR-23-328: FortiOS, FortiProxy – Out-of-bounds Write in captive portal
FR-IR-24-013: FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks
FR-IR-23-103: FortiWLM MEA for FortiManager – Improper access control in backup and restore features
FR-IR-24-007: Pervasive SQL injection in DAS component
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released seven Industrial Control Systems (ICS) advisories on July 1, 2025. These advisories provide…
This website uses cookies.