Today CISA added an authentication bypass using an alternate path or channel in the FortiGuard FortiOS and FortiProxy products. FortiGuard previously reported the vulnerability on February 11th, 2025, adding it to a previously published advisory, since the fix for the earlier vulnerability also fixed the added vulnerability. Cybersecurity Dive reports that the two vulnerabilities have been exploited by the new SuperBlack ransomware.
CISA is requiring federal agencies to apply “mitigations per
vendor instructions, follow applicable BOD 22-01 guidance for cloud services,
or discontinue use of the product if mitigations are unavailable.” A deadline
of April 8th, 2025 has been provided to covered agencies.
Posts
No comments:
Post a Comment