Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

FR-IR-23-390: FortiClientEMS – CSV injection in log download feature

FR-IR-23-328: FortiOS, FortiProxy – Out-of-bounds Write in captive portal

FR-IR-24-013: FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks

FR-IR-23-103: FortiWLM MEA for FortiManager – Improper access control in backup and restore features

FR-IR-24-007: Pervasive SQL injection in DAS component
