Security Alert (A24-05-16): Multiple Vulnerabilities in Fortinet Products


 

Published on: 17 May 2024

  
  

Description:

Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.

 

Affected Systems:

  • FortiOS version 6.0.0 through 6.0.16, 6.2 (all versions), 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.7, 7.4.0 through 7.4.1
  • FortiWeb version 6.3 (all versions), 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.7, 7.4.0 through 7.4.2
  • FortiWebManager version 6.0.2, 6.2.3 through 6.2.4, 6.3.0, 7.0.0 through 7.0.4, 7.2.0
  • FortiNAC version 7.2.0 through 7.2.3, 8.7 (all versions), 8.8 (all versions), 9.1 (all versions), 9.2 (all versions), 9.4.0 through 9.4.4
  • FortiProxy version 1.0 (all versions), 1.1 (all versions), 1.2 (all versions), 2.0 (all versions), 7.0.0 through 7.0.13, 7.2.0 through 7.2.7, 7.4.0 through 7.4.1
  • FortiSwitchManager version 7.0.0 through 7.0.2, 7.2.0 through 7.2.2
  • FortiAuthenticator version 6.4 (all versions), 6.5.0 through 6.5.3, 6.6.0

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege or security restriction bypass of affected system.

 

Recommendation:

Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.fortiguard.com/psirt/FG-IR-23-137
  • https://www.fortiguard.com/psirt/FG-IR-23-191
  • https://www.fortiguard.com/psirt/FG-IR-23-195
  • https://www.fortiguard.com/psirt/FG-IR-23-222
  • https://www.fortiguard.com/psirt/FG-IR-23-225
  • https://www.fortiguard.com/psirt/FG-IR-23-415
  • https://www.fortiguard.com/psirt/FG-IR-23-465
  • https://www.fortiguard.com/psirt/FG-IR-23-474
  • https://www.fortiguard.com/psirt/FG-IR-24-017
  • https://www.fortiguard.com/psirt/FG-IR-24-040
  • https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20240517
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36640
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44247
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45583
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45586
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46714
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23107
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23664 (to CVE-2024-23665)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23667 (to CVE-2024-23670)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26007
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31488


Tag: Fortinet , FortiOS , FortiWeb , FortiWebManager , FortiNAC , FortiProxy , FortiSwitchManager , FortiAuthenticator
Tags