Today CISA announced that it had added a stack-based buffer overflow vulnerability in multiple FortiGuard products to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was reported yesterday by FortiGuard (not part of their Cyber Tuesday vulnerability reporting). FortiGuard notes that it discovered the vulnerability because it was being exploited in the wild. FortiGuard has new versions that mitigate the vulnerability.
CISA has ordered federal agencies using any of the five affected FortiGuard products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” CISA has provided a deadline of June 4th, 2025, for completing those actions.