Wednesday, October 9, 2024

CISA Adds FortiOS vulnerability to the KEV Catalog – 10-9-24

Today CISA announced that they had added three additional vulnerabilities to their Known Exploited Vulnerabilities (KEV) catalog, including a "use of externally-controlled format string" vulnerability in the FortiGuard FortiOS fgfmd daemon. This vulnerability was previously reported by FortiGuard on February 8th, 2024. FortiGuard has new versions of the affected products that mitigate the vulnerability.

CISA reports in the KEV catalog entry for this vulnerability that it “allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.” CISA is requiring affected federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” This must be accomplished by October 30th, 2024. 
