CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.
Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.