Read the original article at https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products
Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply necessary updates:
- FG-IR-23-396 ReadOnly Users Could Run Some Sensitive Operations
- FG-IR-23-475 FortiOS – SSLVPN Session Hijacking Using SAML Authentication
- FG-IR-24-144 Privilege Escalation via Lua Auto Patch Function
- FG-IR-24-199 Named Pipes Improper Access Control
Read the original article at https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products