Timely and ongoing communications with our customers is a key component in our efforts to best protect and secure their organization. There are instances where confidential advance customer communications can include early warning on Advisories to enable customers to further strengthen their security posture, prior to the Advisory being publicly released to a broader audience. This process follows best practices for responsible disclosure to ensure our customers have the timely information they need to help them make informed risk-based decisions. For more on Fortinet’s responsible disclosure process, visit the Fortinet Product Security Incident Response Team (PSIRT) page: https://www.fortiguard.com/psirt_policy.
Update 6/11/23 06:01 PM ET: Fortinet has said that the new vulnerability, CVE-2023-27997, may have been exploited in attacks against government, manufacturing, and critical infrastructure.
Well, that’s not good… this will be interesting to watch. We don’t currently use Fortinet products but we are looking at them for our next refresh.