Everybody agrees that the organizations have to have a vulnerability management system but is that enough? Well... NO! Having a vulnerability management system without a robust patch management means to sit back and wait for the attackers compromise your systems. It will only increase your headache and pain. (Remember: Ignorance is bliss 😜 )
A zero-day exploit for Fortinet firewalls was announced in mid-January this year (2025) but it seems that too many firewall administrators are still not aware of this threat. Approximately 50,000 Fortinet boxes on the world are still exposed to that zero-day exploit. (CVE-2024-55591) (According to the reports of Shadowserver: https://bit.ly/42wNjDI)
Nearly 50,000 Fortinet firewalls remain vulnerable to a zero-day exploit (CVE-2024-55591) discovered in mid-January 2025, according to Shadowserver (https://bit.ly/42wNjDI).
While vulnerability management is essential for identifying weaknesses, it's only half the battle. Without a patch management system to deploy timely fixes, these vulnerabilities become open invitations for attackers.
If you don't want to see your organization on the internet hacker news the next day then DO have a robust vulnerability AND patch management system.
"Data from the Shadowserver Foundation shows 48,457 Fortinet boxes are still publicly exposed and haven't had the patch for CVE-2024-55591 applied, despite stark warnings issued over the past seven days."
"Fortinet offered some relief, however, stating that if the usual security best practices have been followed since then, the risk of compromise is small. Devices purchased after December 2022 are all also unaffected."
No comments:
Post a Comment