Attackers exploited this critical FortiClient EMS bug as a 0-day
Summary
Fortinet has released an emergency patch for a critical vulnerability in FortiClient Enterprise Management Server (EMS) that has been exploited as a zero-day since at least March 31st. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog.
IFF Assessment
The article describes a critical vulnerability being actively exploited in the wild as a zero-day, which is bad news for defenders who are now racing to patch systems.
Defender Context
This highlights the importance of timely patching for critical infrastructure and enterprise management systems. Defenders should prioritize patching FortiClient EMS installations and monitor for any signs of compromise related to this vulnerability. The inclusion in CISA's KEV catalog means federal agencies will be required to patch it, indicating its high priority for broader organizational defense.