Wednesday, December 17, 2025

CISA Adds FortiGuard Vulnerability to KEV Catalog – 12-16-25

Yesterday CISA announced that they had added an improper verification of cryptographic signature vulnerability in multiple FortiGuard products to their Known Exploited Vulnerabilities (KEV) catalog. FortiGuard previously disclosed the vulnerability along with mitigation measures and new versions that fixed the vulnerability. Three days later Arctic Wolf reported exploits of the vulnerability (along with a related improper verification vulnerability that has not yet been added to the KEV catalog) in the wild.

CISA has directed federal agencies using the affected FortiGuard products to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. A deadline of December 23rd, 2025 has been provided for those actions.
