政府電腦保安事故協調中心 - 高危保安警報 (A24-10-22): Fortinet 產品多個漏洞

描述:

Fortinet 發布了安全公告，以應對 Fortinet 系統的多個漏洞。攻擊者可以向受影響的系統傳送特製的請求，從而攻擊這些漏洞。

有報告指 FortiManager 遠端執行程式碼漏洞 (CVE-2024-47575) 正受到攻擊。系統管理員及用戶應立即為受影響的系統安裝修補程式，以減低受到網絡攻擊的風險。

受影響的系統:

FortiADC
FortiADCManager
FortiAIOps
FortiAnalyzer
FortiAP
FortiAuthenticator
FortiClientAndroid
FortiClientEMS
FortiClientiOS
FortiClientLinux
FortiClientMac
FortiClientWindows
FortiConnect
FortiDDoS
FortiDeceptor
FortiEdge
FortiExtender
FortiIsolator
FortiMail
FortiManager
FortiNDR
FortiOS
FortiPAM
FortiPentest
FortiPortal
FortiProxy
FortiRecorder
FortiSandbox
FortiSIEM
FortiSwitch
FortiSwitchManager
FortiTester
FortiVoice
FortiVoiceEnterprise
FortiWAN
FortiWeb
FortiWLC
FortiWLM

有關受影響產品的詳細資料，請參閱供應商網站的相應安全公告中有關 “Affected Products” 的部分。

影響:

成功利用漏洞可以在受影響的系統導致遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制、仿冒詐騙或篡改。

建議:

適用於受影響系統的修補程式已可獲取。受影響系統的系統管理員應遵從供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://fortiguard.fortinet.com/psirt/FG-IR-18-292
https://fortiguard.fortinet.com/psirt/FG-IR-20-143
https://fortiguard.fortinet.com/psirt/FG-IR-21-046
https://fortiguard.fortinet.com/psirt/FG-IR-21-056
https://fortiguard.fortinet.com/psirt/FG-IR-21-173
https://fortiguard.fortinet.com/psirt/FG-IR-21-206
https://fortiguard.fortinet.com/psirt/FG-IR-21-228
https://fortiguard.fortinet.com/psirt/FG-IR-22-026
https://fortiguard.fortinet.com/psirt/FG-IR-22-049
https://fortiguard.fortinet.com/psirt/FG-IR-22-059
https://fortiguard.fortinet.com/psirt/FG-IR-22-166
https://fortiguard.fortinet.com/psirt/FG-IR-22-352
https://fortiguard.fortinet.com/psirt/FG-IR-22-396
https://fortiguard.fortinet.com/psirt/FG-IR-22-445
https://fortiguard.fortinet.com/psirt/FG-IR-22-455
https://fortiguard.fortinet.com/psirt/FG-IR-22-522
https://fortiguard.fortinet.com/psirt/FG-IR-23-062
https://fortiguard.fortinet.com/psirt/FG-IR-23-103
https://fortiguard.fortinet.com/psirt/FG-IR-23-137
https://fortiguard.fortinet.com/psirt/FG-IR-23-187
https://fortiguard.fortinet.com/psirt/FG-IR-23-201
https://fortiguard.fortinet.com/psirt/FG-IR-23-204
https://fortiguard.fortinet.com/psirt/FG-IR-23-221
https://fortiguard.fortinet.com/psirt/FG-IR-23-224
https://fortiguard.fortinet.com/psirt/FG-IR-23-268
https://fortiguard.fortinet.com/psirt/FG-IR-23-304
https://fortiguard.fortinet.com/psirt/FG-IR-23-385
https://fortiguard.fortinet.com/psirt/FG-IR-23-397
https://fortiguard.fortinet.com/psirt/FG-IR-23-413
https://fortiguard.fortinet.com/psirt/FG-IR-23-423
https://fortiguard.fortinet.com/psirt/FG-IR-23-432
https://fortiguard.fortinet.com/psirt/FG-IR-23-446
https://fortiguard.fortinet.com/psirt/FG-IR-23-472
https://fortiguard.fortinet.com/psirt/FG-IR-24-029
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
https://fortiguard.fortinet.com/psirt/FG-IR-24-196
https://fortiguard.fortinet.com/psirt/FG-IR-24-258
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://www.hkcert.org/tc/security-bulletin/fortinet-fortimanager-remote-code-execution-vulnerability_20241024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545 (to CVE-2023-38546)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41679
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42787
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44253 (to CVE-2023-44254)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47575

標籤 : Fortinet , FortiADC , FortiADCManager , FortiAIOps , FortiAnalyzer , FortiAP , FortiAuthenticator , FortiClientAndroid , FortiClientEMS , FortiClientiOS , FortiClientLinux , FortiClientMac , FortiClientWindows , FortiConnect , FortiDDoS , FortiDeceptor , FortiEdge , FortiExtender , FortiIsolator , FortiMail , FortiManager , FortiNDR , FortiOS , FortiPAM , FortiPentest , FortiPortal , FortiProxy , FortiRecorder , FortiSandbox , FortiSIEM , FortiSwitch , FortiSwitchManager , FortiTester , FortiVoice , FortiVoiceEnterprise , FortiWAN , FortiWeb , FortiWLC , FortiWLM