Today CISA announced that it had added a path traversal vulnerability in all current versions of the FortiGuard FortiWeb product to its Known Exploited Vulnerabilities (KEV) catalog. FortiGuard published their advisory on this vulnerability today, reporting that they have new versions that mitigate the vulnerability. Also today, watchTowr Labs published an article about both the vulnerability and the current exploits. They also published a Detection Artifact Generator to detect vulnerable systems.
CISA has directed federal agencies that have the affected products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” The deadline for accomplishing these actions is November 21st, 2025.