政府电脑保安事故协调中心 - 高危保安警报 (A24-10-22): Fortinet 产品多个漏洞

描述:

Fortinet 发布了安全公告，以应对 Fortinet 系统的多个漏洞。攻击者可以向受影响的系统传送特制的请求，从而攻击这些漏洞。

有报告指 FortiManager 远端执行程式码漏洞 (CVE-2024-47575) 正受到攻击。系统管理员及用户应立即为受影响的系统安装修补程式，以减低受到网络攻击的风险。

受影响的系统:

FortiADC
FortiADCManager
FortiAIOps
FortiAnalyzer
FortiAP
FortiAuthenticator
FortiClientAndroid
FortiClientEMS
FortiClientiOS
FortiClientLinux
FortiClientMac
FortiClientWindows
FortiConnect
FortiDDoS
FortiDeceptor
FortiEdge
FortiExtender
FortiIsolator
FortiMail
FortiManager
FortiNDR
FortiOS
FortiPAM
FortiPentest
FortiPortal
FortiProxy
FortiRecorder
FortiSandbox
FortiSIEM
FortiSwitch
FortiSwitchManager
FortiTester
FortiVoice
FortiVoiceEnterprise
FortiWAN
FortiWeb
FortiWLC
FortiWLM

有关受影响产品的详细资料，请参阅供应商网站的相应安全公告中有关 “Affected Products” 的部分。

影响:

成功利用漏洞可以在受影响的系统导致远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安限制、仿冒诈骗或篡改。

建议:

适用于受影响系统的修补程式已可获取。受影响系统的系统管理员应遵从供应商的建议，立即採取行动以降低风险。

进一步资讯:

https://fortiguard.fortinet.com/psirt/FG-IR-18-292
https://fortiguard.fortinet.com/psirt/FG-IR-20-143
https://fortiguard.fortinet.com/psirt/FG-IR-21-046
https://fortiguard.fortinet.com/psirt/FG-IR-21-056
https://fortiguard.fortinet.com/psirt/FG-IR-21-173
https://fortiguard.fortinet.com/psirt/FG-IR-21-206
https://fortiguard.fortinet.com/psirt/FG-IR-21-228
https://fortiguard.fortinet.com/psirt/FG-IR-22-026
https://fortiguard.fortinet.com/psirt/FG-IR-22-049
https://fortiguard.fortinet.com/psirt/FG-IR-22-059
https://fortiguard.fortinet.com/psirt/FG-IR-22-166
https://fortiguard.fortinet.com/psirt/FG-IR-22-352
https://fortiguard.fortinet.com/psirt/FG-IR-22-396
https://fortiguard.fortinet.com/psirt/FG-IR-22-445
https://fortiguard.fortinet.com/psirt/FG-IR-22-455
https://fortiguard.fortinet.com/psirt/FG-IR-22-522
https://fortiguard.fortinet.com/psirt/FG-IR-23-062
https://fortiguard.fortinet.com/psirt/FG-IR-23-103
https://fortiguard.fortinet.com/psirt/FG-IR-23-137
https://fortiguard.fortinet.com/psirt/FG-IR-23-187
https://fortiguard.fortinet.com/psirt/FG-IR-23-201
https://fortiguard.fortinet.com/psirt/FG-IR-23-204
https://fortiguard.fortinet.com/psirt/FG-IR-23-221
https://fortiguard.fortinet.com/psirt/FG-IR-23-224
https://fortiguard.fortinet.com/psirt/FG-IR-23-268
https://fortiguard.fortinet.com/psirt/FG-IR-23-304
https://fortiguard.fortinet.com/psirt/FG-IR-23-385
https://fortiguard.fortinet.com/psirt/FG-IR-23-397
https://fortiguard.fortinet.com/psirt/FG-IR-23-413
https://fortiguard.fortinet.com/psirt/FG-IR-23-423
https://fortiguard.fortinet.com/psirt/FG-IR-23-432
https://fortiguard.fortinet.com/psirt/FG-IR-23-446
https://fortiguard.fortinet.com/psirt/FG-IR-23-472
https://fortiguard.fortinet.com/psirt/FG-IR-24-029
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
https://fortiguard.fortinet.com/psirt/FG-IR-24-196
https://fortiguard.fortinet.com/psirt/FG-IR-24-258
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://www.hkcert.org/tc/security-bulletin/fortinet-fortimanager-remote-code-execution-vulnerability_20241024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545 (to CVE-2023-38546)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44253 (to CVE-2023-44254)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47575

标签 : Fortinet , FortiADC , FortiADCManager , FortiAIOps , FortiAnalyzer , FortiAP , FortiAuthenticator , FortiClientAndroid , FortiClientEMS , FortiClientiOS , FortiClientLinux , FortiClientMac , FortiClientWindows , FortiConnect , FortiDDoS , FortiDeceptor , FortiEdge , FortiExtender , FortiIsolator , FortiMail , FortiManager , FortiNDR , FortiOS , FortiPAM , FortiPentest , FortiPortal , FortiProxy , FortiRecorder , FortiSandbox , FortiSIEM , FortiSwitch , FortiSwitchManager , FortiTester , FortiVoice , FortiVoiceEnterprise , FortiWAN , FortiWeb , FortiWLC , FortiWLM