Security Alert (A20-09-08): Multiple Vulnerabilities in FortiGate and FortiOS


 

Published on: 28 September 2020

  
  

Description:

FortiNet released security advisories to address multiple vulnerabilities in FortiGate and FortiOS software. An attacker could exploit these vulnerabilities by sending specially crafted packets, requests or protocol messages to an affected system.

 

Affected Systems:

  • FortiGate prior to version 6.4.1
  • FortiOS prior to version 5.6.13
  • FortiOS prior to version 6.0.11
  • FortiOS prior to version 6.2.5
  • FortiOS prior to version 6.4.2

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to arbitrary code execution, denial of service or security restriction bypass on an affected system.

 

Recommendation:

Software updates for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.fortiguard.com/psirt/FG-IR-20-033
https://www.fortiguard.com/psirt/FG-IR-20-082
https://www.fortiguard.com/psirt/FG-IR-20-083
https://www.hkcert.org/my_url/en/alert/20092501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12818 (to CVE-2020-12820)

 



Tag: Fortinet , FortiOS , FortiGate
Tags