New Fortinet RCE bug is actively exploited, CISA confirms
2024-02-09 21:02

CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday.

CISA's announcement comes one day after Fortinet published a security advisory saying the flaw was "potentially being exploited in the wild."

While the company has yet to share more details regarding potential CVE-2022-48618, CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, warning that such bugs are "frequent attack vectors for malicious cyber actors" posing "significant risks to the federal enterprise."


News URL

https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2024-01-09 | CVE-2022-48618 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apple products. The issue was addressed with improved checks. (local, high complexity, apple, CWE-367) | 7.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 164 56 387 164 77 684