CISA Adds FortiGuard Vulnerability to KEV – 1-14-25

Yesterday, CISA announced that it had added a FortiOS and FortiProxy authorization bypass vulnerability to their Known Exploited Vulnerabilities catalog. The vulnerability was reported yesterday by FortiGuard. FortiGuard has new versions that mitigate the vulnerability as well as indicator of compromise information. CISA has directed federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” The agency deadline for those actions is January 21^st, 2025.