Fortinet [Security Advisory] 2021/4/6

Taipei – April 6, 2021

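Fortinet is committed to working with all customers to strengthen their organizations' security defenses, and protecting the information security of all users is Fortinet's first priority. As early as May 2019, Fortinet immediately issued a Product Security Incident Response Team Advisory (PSIRT Advisory) for CVE-2018-13379, and in August 2019 and July 2020 it strongly recommended, through corporate blog posts and other channels, that all users update. Through late 2020, the Fortinet team continued to communicate with all customers.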

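Fortinet also patched CVE-2019-5591 in July 2019 and CVE-2020-12812 in July 2020. Although the Fortinet team has continually urged users to update and has promptly patched all known vulnerabilities, the joint advisory issued by the FBI and CISA shows that many users have not proactively applied updates, leaving the affected devices exposed to high security risk. For this reason, the Fortinet team continues to reach out to all users and strongly recommends that they upgrade immediately to guard against possible security risks. For more information, see the Fortinet blog post or the advisory published in May 2019.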

At Fortinet, we are on a constant journey with our customers to best protect and secure their organizations. The security of our customers is our first priority. For example, CVE-2018-13379 is an old vulnerability resolved in May 2019. Fortinet immediately issued a PSIRT advisory and communicated directly with customers and via corporate blog posts on multiple occasions in August 2019 and July 2020, strongly recommending an upgrade. Upon resolution, we have consistently communicated with customers, as recently as late 2020. CVE-2019-5591 was resolved in July 2019 and CVE-2020-12812 was resolved in July 2020. Despite these ongoing communications efforts and process changes, the joint advisory from FBI and CISA that was posted on April 2, 2021 provides evidence that there are still unpatched devices in the wild being abused, and highlights the risk of end users not proactively updating appliances. As a result, we are again reaching out to our customers to recommend that they immediately follow the recommendations and implement the upgrade and mitigations. To get more information, please visit our blog and immediately refer to the May 2019 advisory.