Citrix has released a security bulletin (CTX693420) disclosing two high-severity vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances. Depending on the deployment configuration, these vulnerabilities could allow attackers to bypass management access controls or perform memory over-reads. 

Fortinet has announced a critical vulnerability surrounding FortiSwitch Firmware. The vulnerability is related to the switch's password change function. An unauthenticated attacker with access to the GUI could modify passwords via specially crafted requests.  

On January 14, 2025, Fortinet announced several vulnerabilities impacting multiple products. At Systems Engineering, we are highlighting these vulnerabilities as they affect the Fortinet solutions we support. Specifically, these issues impact FortiGate, FortiSwitch, FortiManager, FortiAnalyzer, FortiClient EMS, and FortiClient for Windows.

Systems Engineering is aware of the Fortinet FortiOS, FortiManager, and FortiAnalyzer affecting multiple versions of these products.

Fortinet rates these vulnerabilities as HIGH.

Systems Engineering is aware of the Fortinet FortiManager missing authentication for critical function vulnerability in the fgfmd process, CVE-2024-47575. Reports have shown this vulnerability to be exploited in the wild.

Late yesterday, DigiCert announced a critical incident involving the revocation of a subset of TLS/SSL certificates due to a domain control verification (DCV) issue. While necessary to maintain security standards, this action could potentially disrupt services for some organizations that rely on DigiCert certificates to secure public and private web services.

Last October, Cisco announced a security vulnerability in their Duo Authentication for Windows Logon and RDP that impacted releases 4.0 through 4.2.  In April, Cisco delivered a new release and a fix for CVE-2024-20292.