Description:
Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Affected Systems:
- FortiOS version 6.4.13 through 6.4.15, version 7.0.12 through 7.0.14, version 7.2.5 through 7.2.7, version 7.4.0 through 7.4.3
- FortiAnalyzer version 7.0.0 through 7.0.10, version 7.2.0 through 7.2.4, version 7.4.0 through 7.4.1
- FortiManager version 7.0.0 through 7.0.10, version 7.2.0 through 7.2.4, version 7.4.0 through 7.4.1
- FortiSOAR 6.4 (all versions), 7.0 (all versions), 7.2 (all versions), version 7.3.0 through 7.3.2, version 7.4.0
- FortiDDoS 4.5-5.5 (all versions), version 5.6.0 through 5.6.1, version 5.7.0
- FortiDDoS-F 6.1 (all versions), 6.2 (all versions), 6.3 (all versions), 6.4 through 6.4.1, version 6.5.0
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure, security restriction bypass or tampering of affected system.
Recommendation:
Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.fortiguard.com/psirt/FG-IR-22-047
- https://www.fortiguard.com/psirt/FG-IR-23-088
- https://www.fortiguard.com/psirt/FG-IR-23-467
- https://www.fortiguard.com/psirt/FG-IR-24-012
- https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20240816
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27486
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26211
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21757
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36505