Read the original article at https://www.cisa.gov/news-events/alerts/2024/03/12/fortinet-releases-security-updates-multiple-products
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
-
[FR-IR-23-390: FortiClientEMS – CSV injection in log download feature]
-
[FR-IR-23-328: FortiOS, FortiProxy – Out-of-bounds Write in captive portal]
-
[FR-IR-24-013: FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks]
-
[FR-IR-23-103: FortiWLM MEA for FortiManager – Improper access control in backup and restore features]
Read the original article at https://www.cisa.gov/news-events/alerts/2024/03/12/fortinet-releases-security-updates-multiple-products