
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), is a remote code execution flaw that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.

"A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests," Fortinet noted in an advisory for the flaw back in February 2024.

As is typically the case, the bulletin is sparse on details about how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom. In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by October 30, 2024.

Palo Alto Networks Discloses Critical Bugs in Expedition

The development comes as Palo Alto Networks disclosed multiple security flaws in Expedition that could allow an attacker to read database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the system. "Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls," Palo Alto Networks said in…
