The Dutch Military Intelligence and Security Service said it has identified more than 20,000 FortiGate devices that have been compromised by a Chinese state-sponsored threat group.
Fortinet earlier this month disclosed and issued a patch for the flaw (CVE-2023-48788), which exists in FortiClientEMS, its central management solution for endpoints.
Fortinet is urging customers to patch an actively exploited flaw (CVE-2024-21762) in many versions of its FortiOS software.
Fixes for both the Zoho and Fortinet vulnerabilities have been available since last year.
Fortinet has released new firmware updates to patch a remote code execution vulnerability (CVE-2023-27997) that affects all versions of the FortiGate appliance.