🔴 Critical | Source: The Register — Security
Critical command injection vulnerabilities in Fortinet’s FortiSandbox product are being actively exploited by attackers, prompting CISA to issue a mandatory patch order. FortiSandbox is used by organisations to analyse potentially malicious files and URLs in an isolated environment. Active exploitation means unpatched systems are at immediate risk of compromise, potentially allowing attackers to execute arbitrary commands on the underlying host.
Security Architect’s Take: Prioritise patching FortiSandbox instances immediately, particularly any internet-exposed or perimeter-adjacent deployments — CISA’s order applies to US federal agencies but the active exploitation makes this urgent for all organisations. Review firewall rules to restrict management interface access to trusted IPs only while patches are applied.
Original advisory: Attackers target critical FortiSandbox flaws as CISA issues patch order