Today CISA announced that they had added an OS command injection vulnerability in the FortiGuard FortiWeb products to their Known Exploited Vulnerabilities (KEV) catalog. FortiGuard reported the vulnerability today, noting that it had been exploited in the wild. The vulnerability was reported by Jason McFadyen from Trend Research of Trend Micro.
CISA has directed federal agencies that are using the affected FortiWeb products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” CISA has set November 25th, 2025 as the deadline for agencies to comply.