Three critical Fortinet sandbox bugs splattered by unknown attackers
Summary
Three critical vulnerabilities in Fortinet's FortiSandbox products have been exploited by unknown attackers. The vulnerabilities have been patched by Fortinet, and users are urged to upgrade to a fixed version of the software.
IFF Assessment
The exploitation of critical vulnerabilities in a security product by unknown attackers represents a direct threat to organizations relying on that product for defense.
Severity
Given the description of 'critical' vulnerabilities and successful exploitation by attackers, it's highly likely they possess a high CVSS score, potentially around 9.8 (Critical), due to factors like easy attack vector, high impact on confidentiality, integrity, and availability, and exploitability.
Defender Context
This incident highlights the importance of timely patching for security appliances, as attackers are actively exploiting vulnerabilities in such systems. Defenders should prioritize updating their Fortinet FortiSandbox instances to mitigate the risk of compromise.