
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<meta name="Generator" content="Microsoft Word 15 (filtered medium)">

<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style><![endif]--><style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

p.privacy-and-terms, li.privacy-and-terms, div.privacy-and-terms

        {mso-style-name:privacy-and-terms;

        margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri",sans-serif;}

span.EmailStyle21

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-size:10.0pt;}

@page WordSection1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.WordSection1

        {page:WordSection1;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

</head>

<body lang="EN-US" link="blue" vlink="purple">

<div class="WordSection1">

<p class="MsoNormal">CoIT Security List Members,<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal">Please see this message about Fortinet devices from Chris Kosciuk.<o:p></o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal">Thanks,<o:p></o:p></p>

<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="color:#2F5496">April Goode, MBA, SPP<br>

<br>

</span></b><img width="145" height="51" style="width:1.5104in;height:.5312in" id="Picture_x0020_1" src="cid:image001.png@01D6C715.DF6B2530"><br>

<b><span style="color:#2F5496"><br>

</span></b><span style="color:#2F5496">Director of OneNet Strategic Planning and Communications<br>

Oklahoma State Regents for Higher Education<br>

405.225.9251<br>

<a href="mailto:april@onenet.net" target="_blank">april@onenet.net</a><b><o:p></o:p></b></span></p>

<p class="MsoNormal"><o:p> </o:p></p>

<p class="MsoNormal"><o:p> </o:p></p>

<div>

<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">

<p class="MsoNormal"><b>From:</b> Kosciuk, Chris <br>

<b>Sent:</b> Monday, November 30, 2020 12:10 PM<br>

<b>To:</b> Goode, April <april@onenet.net><br>

<b>Cc:</b> Royal, Von <von@onenet.net>; Burkhart, Brian <brian@onenet.net>; Pettett, Sky <spettett@onenet.net><br>

<b>Subject:</b> Fw: Fortinet FortiOS System File Leak<o:p></o:p></p>

</div>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div id="divtagdefaultwrapper">

<p><span style="font-size:12.0pt;color:black">Anyone using Fortinet devices especially for SSL VPN, please ensure you are on updated firmware. <o:p></o:p></span></p>

<p><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>

<p><span style="font-size:12.0pt;color:black"><a href="https://www.fortiguard.com/psirt/FG-IR-18-384">https://www.fortiguard.com/psirt/FG-IR-18-384</a><o:p></o:p></span></p>

<p><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>

<p><span style="font-size:12.0pt;color:black">CK<o:p></o:p></span></p>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>

<div>

<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;color:black">

<hr size="2" width="98%" align="center">

</span></div>

<div id="divRplyFwdMsg">

<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> US-CERT <<a href="mailto:US-CERT@ncas.us-cert.gov">US-CERT@ncas.us-cert.gov</a>><br>

<b>Sent:</b> Friday, November 27, 2020 10:18 AM<br>

<b>To:</b> Kosciuk, Chris<br>

<b>Subject:</b> Fortinet FortiOS System File Leak</span><span style="font-size:12.0pt;color:black">

<o:p></o:p></span></p>

<div>

<p class="MsoNormal"><span style="font-size:12.0pt;color:black"> <o:p></o:p></span></p>

</div>

</div>

<div>

<div align="center">

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="700" style="width:525.0pt">

<tbody>

<tr>

<td style="padding:0in 0in 0in 0in">

<p><a name="gd_top"></a><img border="0" width="600" height="100" style="width:6.25in;height:1.0416in" id="_x0000_i1026" src="https://content.govdelivery.com/attachments/fancy_images/USDHSCISA/2020/06/3486054/062920-govdeliveryheader-thin2_original.png" alt="Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow"><o:p></o:p></p>

<p>You are subscribed to National Cyber Awareness System Current Activity for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.<o:p></o:p></p>

<div style="margin-bottom:24.0pt">

<div style="margin-bottom:.05in">

<p class="MsoNormal"><b><span style="font-size:13.0pt"><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3VzLWNlcnQuY2lzYS5nb3YvbmNhcy9jdXJyZW50LWFjdGl2aXR5LzIwMjAvMTEvMjcvZm9ydGluZXQtZm9ydGlvcy1zeXN0ZW0tZmlsZS1sZWFrIn0.ULYzfpEfow2YF7J6zfNNCNB16F0GN36joo1tbdNLvmU/s/1193526663/br/90670007929-l">Fortinet

 FortiOS System File Leak</a><o:p></o:p></span></b></p>

</div>

<div style="margin-bottom:.05in">

<p class="MsoNormal"><i><span style="font-size:10.0pt;color:#666666">11/27/2020 11:00 AM EST<o:p></o:p></span></i></p>

</div>

<p class="MsoNormal"><o:p> </o:p></p>

<div style="margin-bottom:.05in">

<p class="MsoNormal">Original release date: November 27, 2020<o:p></o:p></p>

<p>The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS

 system files. Potentially affected devices may be located in the United States.<o:p></o:p></p>

<p>Fortinet has released a <a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5mb3J0aWd1YXJkLmNvbS9wc2lydC9GRy1JUi0xOC0zODQifQ.HhFZqhnx6Bb4pFoQ769WQ_qajkD-mKsRD5o-AJrwevs/s/1193526663/br/90670007929-l">

security advisory</a> to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs

 on any connected networks to detect any additional threat actor activity.<o:p></o:p></p>

<div>

<p class="privacy-and-terms">This product is provided subject to this <a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3VzLWNlcnQuY2lzYS5nb3YvcHJpdmFjeS9ub3RpZmljYXRpb24ifQ.xQCcBF2Oy8Rj-5mIOquKL_NZ6FlSJvqAepB6gUz-jEw/s/1193526663/br/90670007929-l">

Notification</a> and this <a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5kaHMuZ292L3ByaXZhY3ktcG9saWN5In0.MgELOCAVt4H6e3VlrDkcoDnmT87Rn0kkxnzgXsCn-tg/s/1193526663/br/90670007929-l">

Privacy & Use</a> policy.<o:p></o:p></p>

</div>

</div>

</div>

<div id="mail_footer">

<p align="center" style="text-align:center"><span style="font-size:10.0pt;color:#757575">Having trouble viewing this message? </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDQsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL2NvbnRlbnQuZ292ZGVsaXZlcnkuY29tL2FjY291bnRzL1VTREhTQ0lTQS9idWxsZXRpbnMvMmFlYTBmOCJ9.3Eirze7BRilPhgLGlHN6DZldSQh39ar1R3WrTk5UDoo/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">View

 it as a webpage</span></a>. <o:p></o:p></p>

<p align="center" style="text-align:center"><span style="font-size:10.0pt;color:#757575">You are subscribed to updates from the

</span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDYsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5jaXNhLmdvdiJ9.41aCqd0S7WM565663c3R7We0yyyJEKfmmyV3VReHkWc/s/1193526663/br/90670007929-l"><span style="font-size:10.0pt">Cybersecurity

 and Infrastructure Security Agency</span></a><span style="font-size:10.0pt;color:#757575"> (CISA)<br>

</span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3B1YmxpYy5nb3ZkZWxpdmVyeS5jb20vYWNjb3VudHMvVVNESFNDSVNBL3N1YnNjcmliZXIvZWRpdD9wcmVmZXJlbmNlcz10cnVlI3RhYjEifQ.-iTvxMqfQ5L5gmo47EzXLgod6MViDJir7TBjLl0TJyk/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">Manage

 Subscriptions</span></a>  <span style="font-size:10.0pt;color:#757575">|  </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDgsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5jaXNhLmdvdi9wcml2YWN5LXBvbGljeSJ9.xH_6L1C_WLfjEuwICSkOFcXbF7r1_OnJgb0lfbrxhl8/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">Privacy

 Policy</span></a><span style="font-size:10.0pt;color:#757575">  |  <a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDksInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3N1YnNjcmliZXJoZWxwLmdyYW5pY3VzLmNvbS9zL2FydGljbGUvU3Vic2NyaWJlci1IZWxwLUNlbnRlciJ9.ADK9I9YseQmhtN2YyPblZtPybdNFIaaHac9BJD45nKY/s/1193526663/br/90670007929-l" target="_blank">

Help</a></span><o:p></o:p></p>

<p align="center" style="text-align:center"><span style="font-size:10.0pt;color:#757575">Connect with CISA:

<br>

</span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5mYWNlYm9vay5jb20vQ0lTQSJ9.LDCmUW5O5i3eccw5AQ9-IgaQxhutN-CI7_TA-BwPbns/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">Facebook</span></a><span style="font-size:10.0pt;color:#757575"> 

 |  </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTIsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3R3aXR0ZXIuY29tL0NJU0Fnb3YifQ.FIkyrK7MPJNWb5N7iLk84pIMf-i3k3gV1TQSbNvjle8/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">Twitter</span></a><span style="font-size:10.0pt;color:#757575"> 

 |  </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTMsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL0luc3RhZ3JhbS5jb20vY2lzYWdvdiJ9.9Z2MvmROyaSRuX7nM7qtV7tldEvDt7S9mtQ2wH3eDI0/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">Instagram</span></a><span style="font-size:10.0pt;color:#757575"> 

 |  </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTQsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy5saW5rZWRpbi5jb20vY29tcGFueS9jeWJlcnNlY3VyaXR5LWFuZC1pbmZyYXN0cnVjdHVyZS1zZWN1cml0eS1hZ2VuY3kifQ.eOmb7hWoN1YMJ85Nk3SFDOfplUILZJQvqgSEC-hsBX0/s/1193526663/br/90670007929-l" target="_blank"><span style="font-size:10.0pt;color:#00568C">LinkedIn</span></a><span style="font-size:10.0pt;color:#757575"> 

 |   </span><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTUsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3d3dy55b3V0dWJlLmNvbS9jaGFubmVsL1VDeHlxOXJvZS1ucGd6clZ3YnBvQXkwQSJ9.cmxEXP8wIFhUH712rQIbT5JfQpG4B4hy9570BOTEg-s/s/1193526663/br/90670007929-l" target="_self"><span style="font-size:10.0pt;color:#00568C">YouTube</span></a><o:p></o:p></p>

</div>

<div id="tagline">

<div class="MsoNormal" align="center" style="text-align:center">

<hr size="2" width="100%" align="center">

</div>

<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%">

<tbody>

<tr>

<td width="89%" style="width:89.0%;padding:0in 0in 0in 0in">

<p class="MsoNormal"><span style="font-size:7.5pt;font-family:"Arial",sans-serif;color:#757575">This email was sent to

<a href="mailto:ckosciuk@osrhe.edu">ckosciuk@osrhe.edu</a> using GovDelivery Communications Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency · 707 17th St, Suite 4000 · Denver, CO 80202<o:p></o:p></span></p>

</td>

<td width="11%" style="width:11.0%;padding:0in 0in 0in 0in">

<p class="MsoNormal" align="right" style="text-align:right"><a href="https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTYsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMDExMjcuMzEyMjQwMDEiLCJ1cmwiOiJodHRwczovL3N1YnNjcmliZXJoZWxwLmdyYW5pY3VzLmNvbS8ifQ.ngYtFFHxuSI1iVPZ6Lkgf4UNp_x-NSohNX1KMALKe2E/s/1193526663/br/90670007929-l" target="_blank"><span style="text-decoration:none"><img border="0" width="115" style="width:1.1979in" id="_x0000_i1028" src="https://content.govdelivery.com/images/govd-logo-dark.png" alt="GovDelivery logo"></span></a><o:p></o:p></p>

</td>

</tr>

</tbody>

</table>

</div>

</td>

</tr>

</tbody>

</table>

</div>

<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><img border="0" width="1" height="1" style="width:.0104in;height:.0104in" id="_x0000_i1029" src="http://links.govdelivery.com:80/track?enid=ZWFzPTEmYnVsbGV0aW5yZWNpcGllbnRpZD05MDY3MDAwNzkyOS1sJnN1YnNjcmliZXJpZD0xMTkzNTI2NjYzJm1zaWQ9JmF1aWQ9Jm1haWxpbmdpZD0yMDIwMTEyNy4zMTIyNDAwMSZtZXNzYWdlaWQ9TURCLVBSRC1CVUwtMjAyMDExMjcuMzEyMjQwMDEmZGF0YWJhc2VpZD0xMDAxJnR5cGU9b3BlbiZzZXJpYWw9MTY5MzAzMDImZW1haWxpZD1ja29zY2l1a0Bvc3JoZS5lZHUmdXNlcmlkPWNrb3NjaXVrQG9zcmhlLmVkdSZ0YXJnZXRpZD0mZmw9Jm12aWQ9JmV4dHJhPSYmJg=="><o:p></o:p></span></p>

</div>

</div>

</div>

</div>

</body>

</html>