U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
2026-1-28 19:25:57 Author: securityaffairs.com (view original)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet vulnerability, tracked as CVE-2026-24858 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog.

This week, Fortinet started rolling out patches for a critical FortiOS flaw under active attack. The bug, CVE-2026-24858 (CVSS score of 9.4), lets attackers bypass authentication via FortiCloud SSO. It affects FortiOS, FortiManager, and FortiAnalyzer, and Fortinet is still checking whether other products are impacted.

“An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.” reads the advisory. “Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device’s GUI, unless the administrator disables the toggle switch “Allow administrative login using FortiCloud SSO” in the registration page, FortiCloud SSO login is enabled upon registration.”

The company pointed out that FortiCloud SSO login is disabled by default. It only activates when an admin registers the device to FortiCare via the GUI or explicitly enables the FortiCloud SSO admin login option.

The cybersecurity vendor confirmed the flaw was exploited by two malicious FortiCloud accounts, blocked on Jan 22, 2026. To stop abuse, FortiCloud SSO was disabled on Jan 26, then re-enabled on Jan 27. SSO now blocks vulnerable versions, forcing customers to upgrade to supported releases to continue using FortiCloud SSO authentication.

The company is still investigating whether other solutions, such as FortiWeb and FortiSwitch Manager, are impacted by the vulnerability.

Fortinet provided a workaround stating that FortiCloud SSO no longer allows logins from devices running vulnerable versions, so disabling SSO on the client side is not strictly required. However, as an extra precaution, administrators can manually disable FortiCloud SSO on FortiOS, FortiProxy, FortiManager, and FortiAnalyzer via the GUI or CLI until systems are fully patched.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by January 30, 2026.
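As an added example (not from the article, Fortinet or CISA), the Python below joins a KEV record, constructed here from the CVE, products and due date the article gives, against a constructed device inventory and ranks unpatched devices for remediation, treating the FortiCloud SSO admin-login toggle as the exposure condition the advisory describes. The `forticloud_sso` inventory field, the hostnames and the "under investigation" product set are assumptions.

```python
"""Triage a CISA KEV entry against a local device inventory (added example).

The KEV record mirrors the field names of CISA's public KEV JSON feed; the
inventory rows and their 'forticloud_sso' flag are constructed sample data.
"""
import json
from datetime import date

# Constructed KEV entry using the CVE, vendor, products and due date from the article.
KEV_FEED = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2026-24858",
    "vendorProject": "Fortinet",
    "product": "FortiOS, FortiManager, FortiAnalyzer",
    "dateAdded": "2026-01-28",
    "dueDate": "2026-01-30",
}]})

# Products the vendor is still investigating (from the article), not yet in KEV scope.
UNDER_INVESTIGATION = {"FortiWeb", "FortiSwitch Manager"}

# Constructed inventory: product, whether FortiCloud SSO admin login is enabled
# (it is off in factory settings), and whether the vendor fix has been applied.
INVENTORY = [
    {"host": "fw-edge-01", "product": "FortiOS", "forticloud_sso": True, "patched": False},
    {"host": "fmg-01", "product": "FortiManager", "forticloud_sso": False, "patched": False},
    {"host": "faz-01", "product": "FortiAnalyzer", "forticloud_sso": True, "patched": True},
    {"host": "fweb-01", "product": "FortiWeb", "forticloud_sso": True, "patched": False},
]

def kev_products(feed_json, cve_id):
    """Return (dueDate as ISO string, set of affected product names) for one KEV entry."""
    for entry in json.loads(feed_json)["vulnerabilities"]:
        if entry["cveID"] == cve_id:
            return entry["dueDate"], {p.strip() for p in entry["product"].split(",")}
    raise KeyError(cve_id)

def triage(inventory, feed_json, cve_id, today_iso):
    """Return [(host, priority, days_until_due)] for devices needing action, most urgent first.

    P1: in KEV scope, unpatched, SSO login enabled (the bypass path is reachable).
    P2: in KEV scope, unpatched, SSO disabled (still must be fixed by the BOD 22-01 due date).
    P3: product under vendor investigation with SSO enabled; watch for an updated advisory.
    """
    due_iso, products = kev_products(feed_json, cve_id)
    days_left = (date.fromisoformat(due_iso) - date.fromisoformat(today_iso)).days
    findings = []
    for dev in inventory:
        if dev["product"] in products and not dev["patched"]:
            findings.append((dev["host"], "P1-exposed" if dev["forticloud_sso"] else "P2-patch", days_left))
        elif dev["product"] in UNDER_INVESTIGATION and dev["forticloud_sso"]:
            findings.append((dev["host"], "P3-watch", days_left))
    return sorted(findings, key=lambda f: f[1])
```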

US CISA also published an alert related to this flaw titled “Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858.”

Pierluigi Paganini

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)

Source: https://securityaffairs.com/187435/security/u-s-cisa-adds-a-flaw-in-multiple-fortinet-products-to-its-known-exploited-vulnerabilities-catalog-2.html