Systems Engineering is aware of the Fortinet FortiOS, FortiManager, and FortiAnalyzer vulnerabilities affecting multiple versions of these products.
SECURITY ALERT: Multiple Fortinet Vulnerabilities | CVE-2024-23666 & CVE-2024-50176
SECURITY ALERT: FortiManager Vulnerability Actively Exploited as Zero-Day | CVE-2024-47575
Systems Engineering is aware of the Fortinet FortiManager missing authentication for critical function vulnerability in the fgfmd process, CVE-2024-47575. Reports have shown this vulnerability to be exploited in the wild.
SECURITY BULLETIN: DigiCert Certificate Revocation Incident - Potential Business Impact
Late yesterday, DigiCert announced a critical incident involving the revocation of a subset of TLS/SSL certificates due to a domain control verification (DCV) issue. While necessary to maintain security standards, this action could potentially disrupt services for some organizations that rely on DigiCert certificates to secure public and private web services.
SECURITY BULLETIN: Cisco Duo Authentication for Windows Logon and RDP Information Vulnerability (CVE-2024-20292)
Last October, Cisco announced a security vulnerability in their Duo Authentication for Windows Logon and RDP that impacted releases 4.0 through 4.2. In April, Cisco delivered a new release and a fix for CVE-2024-20292.
Systems Engineering is aware of three vulnerabilities affecting the Cisco ASA: Cisco Adaptive Security Appliance Web Service Denial of Service Vulnerability (CVE-2024-20353), Cisco Adaptive Security Appliance Command Injection Vulnerability (CVE-2024-20358), and Cisco Adaptive Security Appliance Persistent Local Code Execution Vulnerability (CVE-2024-20359).
Systems Engineering is aware of two vulnerabilities, the Fortinet FortiClient EMS Pervasive SQL injection in DAS component (CVE-2023-48788) and FortiClient EMS - CSV injection in the log download feature (CVE-2023-47534).
SECURITY ALERT: Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities
Systems Engineering is aware of the group of Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities (CVE-2024-20252).