Fortinet FortiOS System File Leak

Original release date: November 27, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States.

Fortinet has released a security advisory to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs on any connected networks to detect any additional threat actor activity.

This product is provided subject to this Notification and this Privacy & Use policy.

Fortinet FortiOS System File Leak

Original release date: November 27, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States.

Fortinet has released a security advisory to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs on any connected networks to detect any additional threat actor activity.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates

Original release date: November 27, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisory SA-CORE-2020-013 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates

Original release date: November 27, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisory SA-CORE-2020-013 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.