Fortinet, a leading provider of network security products, has released security updates that address vulnerabilities across several of its product lines. If exploited by a cyber threat actor, these vulnerabilities could compromise affected systems and allow unauthorized control of them.
To safeguard against such risks, the Cybersecurity and Infrastructure Security Agency (CISA) strongly urges users and administrators to carefully review the provided advisories and promptly apply the necessary updates.
An authenticated attacker could exploit a double free vulnerability [CVE-2023-41678] present in versions of FortiOS and FortiPAM, potentially leading to arbitrary code execution through specifically crafted commands.
Severity: High
FortiOS 7.0.0 – 7.0.5: Upgrade to 7.0.6 or above
FortiPAM 1.1.0 – 1.1.1: Upgrade to 1.1.2 or above
FortiPAM 1.0 all versions: Migrate to a fixed release
A cross-site request forgery (CSRF) vulnerability [CVE-2022-27488] has been identified in versions of FortiMail, FortiNDR, FortiRecorder, FortiSwitch, and FortiVoiceEnterprise. This flaw could allow a remote, unauthenticated attacker to execute commands on the Command Line Interface (CLI) by deceiving an authenticated administrator into issuing malicious GET requests.
Severity: High
FortiMail 7.0.0 – 7.0.3: Upgrade to 7.0.4 or above
FortiMail 6.4.0 – 6.4.6: Upgrade to 6.4.7 or above
FortiMail 6.2 all versions: Migrate to a fixed release
FortiMail 6.0 all versions: Migrate to a fixed release
FortiNDR 7.1.0: Upgrade to 7.1.1 or above
FortiNDR 7.0.0 – 7.0.4: Upgrade to 7.0.5 or above
FortiNDR 1.5 all versions: Migrate to a fixed release
FortiNDR 1.4 all versions: Migrate to a fixed release
FortiNDR 1.3 all versions: Migrate to a fixed release
FortiNDR 1.2 all versions: Migrate to a fixed release
FortiNDR 1.1 all versions: Migrate to a fixed release
FortiRecorder 6.4.0 – 6.4.2: Upgrade to 6.4.3 or above
FortiRecorder 6.0.0 – 6.0.11: Upgrade to 6.0.12 or above
FortiRecorder 2.7 all versions: Migrate to a fixed release
FortiRecorder 2.6 all versions: Migrate to a fixed release
FortiSwitch 7.0.0 – 7.0.4: Upgrade to 7.0.5 or above
FortiSwitch 6.4.0 – 6.4.10: Upgrade to 6.4.11 or above
FortiSwitch 6.2 all versions: Migrate to a fixed release
FortiSwitch 6.0 all versions: Migrate to a fixed release
FortiVoice 6.4.0 – 6.4.7: Upgrade to 6.4.8 or above
FortiVoice 6.0.0 – 6.0.11: Upgrade to 6.0.12 or above
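The CSRF flaw class described above, shown as an added illustration that is not Fortinet's code and does not reflect how any Fortinet product implements its fix: a hypothetical admin endpoint that runs a CLI command on any GET request, next to a hardened version that refuses anything but a POST, checks the request's Origin/Referer against the appliance's own origin, and requires a per-session anti-CSRF token. The request and session dictionaries, the origin value and the command string are all constructed for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Constructed origin of the (hypothetical) administrative web interface.
ADMIN_ORIGIN = "https://appliance.example.internal"


def new_session():
    """Session of a logged-in administrator; the CSRF token is bound to it."""
    return {"user": "admin", "csrf_token": secrets.token_urlsafe(32), "executed": []}


def execute_cli(session, command):
    """Stand-in for the privileged action: it only records what would have run."""
    session["executed"].append(command)
    return 200


def same_origin(url, expected):
    """True when scheme and host:port of `url` match those of `expected`."""
    a, b = urlparse(url), urlparse(expected)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def vulnerable_handler(request, session):
    """Runs the command for any request method and never checks where it came from,
    so a GET the browser issues on another site's behalf (with the admin's session
    cookie attached automatically) is accepted like a deliberate click."""
    if request["path"] != "/api/cli":
        return 404
    return execute_cli(session, request["params"]["cmd"])


def hardened_handler(request, session):
    """Same action, with the three checks that defeat a forged request."""
    if request["path"] != "/api/cli":
        return 404
    if request["method"] != "POST":          # state changes never ride on GET
        return 405
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source or not same_origin(source, ADMIN_ORIGIN):
        return 403                           # cross-site or origin-less request
    supplied = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403                           # token missing, stale or guessed
    return execute_cli(session, request["params"]["cmd"])


def forged_request():
    """Constructed request as a browser would send it when an admin views a third-party
    page that embeds a link or image pointing at the appliance: no token, foreign Referer."""
    return {"method": "GET", "path": "/api/cli",
            "headers": {"Referer": "https://third-party.example/page"},
            "params": {"cmd": "example-command"}}


def legitimate_request(session):
    """Constructed request from the admin UI itself: POST, own origin, session token."""
    return {"method": "POST", "path": "/api/cli",
            "headers": {"Origin": ADMIN_ORIGIN},
            "params": {"cmd": "example-command", "csrf_token": session["csrf_token"]}}


if __name__ == "__main__":
    s = new_session()
    print("vulnerable:", vulnerable_handler(forged_request(), s), s["executed"])
    s = new_session()
    print("hardened, forged:", hardened_handler(forged_request(), s), s["executed"])
    print("hardened, legitimate:", hardened_handler(legitimate_request(s), s), s["executed"])
```

The Origin/Referer check alone is not sufficient (some clients strip both headers), which is why the hardened handler also demands the session-bound token; marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer. For detection, the same signals are worth alerting on in admin-interface logs: state-changing requests arriving over GET, or with a Referer outside the management origin.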
Versions of FortiOS, FortiProxy, and FortiPAM may contain a format string vulnerability [CVE-2023-36639], which could enable an authenticated user to execute unauthorized code or commands through specifically crafted API requests.
Severity: High
FortiOS 7.4.0: Upgrade to 7.4.1 or above
FortiOS 7.2.0 – 7.2.4: Upgrade to 7.2.5 or above
FortiOS 7.0.0 – 7.0.11: Upgrade to 7.0.12 or above
FortiOS 6.4.0 – 6.4.12: Upgrade to 6.4.13 or above
FortiOS 6.2.0 – 6.2.15: Upgrade to 6.2.16 or above
FortiOS 6.0 all versions: Migrate to a fixed release
FortiPAM 1.1.0: Upgrade to 1.1.1 or above
FortiPAM 1.0 all versions: Migrate to a fixed release
FortiProxy 7.2.0 – 7.2.4: Upgrade to 7.2.5 or above
FortiProxy 7.0.0 – 7.0.10: Upgrade to 7.0.11 or above
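The practical question for an administrator reading the three advisories above is which devices in their estate fall inside an affected range and which fix applies. The following added example (not Fortinet's or CISA's tooling) parses the affected-version rows as they are listed on this page, compares them against a constructed device inventory, and reports every advisory that applies to each device together with the upgrade target. A branch listed as "all versions" (for example FortiOS 6.0) matches any build on that branch; a range matches inclusively at both ends; a row with a single version matches only that version. For brevity only the FortiMail rows of CVE-2022-27488 are included; the remaining rows from that advisory have the same shape and drop in unchanged.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Affected-version rows copied from the advisories on this page, in the form
# "<product> <version or range or branch>: <fix>".  CVE-2022-27488 is truncated
# to its FortiMail rows; the other rows from the page parse the same way.
ADVISORIES = {
    "CVE-2023-41678": """
        FortiOS 7.0.0 - 7.0.5: Upgrade to 7.0.6 or above
        FortiPAM 1.1.0 - 1.1.1: Upgrade to 1.1.2 or above
        FortiPAM 1.0 all versions: Migrate to a fixed release
    """,
    "CVE-2022-27488": """
        FortiMail 7.0.0 - 7.0.3: Upgrade to 7.0.4 or above
        FortiMail 6.4.0 - 6.4.6: Upgrade to 6.4.7 or above
        FortiMail 6.2 all versions: Migrate to a fixed release
        FortiMail 6.0 all versions: Migrate to a fixed release
    """,
    "CVE-2023-36639": """
        FortiOS 7.4.0: Upgrade to 7.4.1 or above
        FortiOS 7.2.0 - 7.2.4: Upgrade to 7.2.5 or above
        FortiOS 7.0.0 - 7.0.11: Upgrade to 7.0.12 or above
        FortiOS 6.4.0 - 6.4.12: Upgrade to 6.4.13 or above
        FortiOS 6.2.0 - 6.2.15: Upgrade to 6.2.16 or above
        FortiOS 6.0 all versions: Migrate to a fixed release
        FortiPAM 1.1.0: Upgrade to 1.1.1 or above
        FortiPAM 1.0 all versions: Migrate to a fixed release
        FortiProxy 7.2.0 - 7.2.4: Upgrade to 7.2.5 or above
        FortiProxy 7.0.0 - 7.0.10: Upgrade to 7.0.11 or above
    """,
}

# One row: product, lower version, optional "- upper" or "all versions", then the fix.
ROW = re.compile(
    r"^(?P<product>\S+)\s+(?P<low>\d+(?:\.\d+)*)"
    r"(?:\s*[-\u2013]\s*(?P<high>\d+(?:\.\d+)*))?"
    r"(?P<branch>\s+all versions)?\s*:\s*(?P<fix>.+)$"
)


def parse_version(text: str) -> tuple:
    """'7.0.5' -> (7, 0, 5); tuples compare numerically, unlike the raw strings."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass(frozen=True)
class AffectedRange:
    cve: str
    product: str
    low: tuple
    high: Optional[tuple]   # None means every version on the branch `low`
    fix: str

    def contains(self, version: tuple) -> bool:
        if self.high is None:                      # branch match, e.g. (6, 0)
            return version[: len(self.low)] == self.low
        return self.low <= version <= self.high    # inclusive range


def parse_advisory(cve: str, table: str) -> list:
    rows = []
    for line in table.strip().splitlines():
        match = ROW.match(line.strip())
        if not match:
            raise ValueError(f"unparsable advisory row: {line!r}")
        low = parse_version(match["low"])
        if match["branch"]:
            high = None
        elif match["high"]:
            high = parse_version(match["high"])
        else:
            high = low                             # single listed version
        rows.append(AffectedRange(cve, match["product"], low, high, match["fix"]))
    return rows


def load_all() -> list:
    return [r for cve, table in ADVISORIES.items() for r in parse_advisory(cve, table)]


# Constructed inventory: (hostname, product, installed version).  Not real devices.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.3"),
    ("fw-edge-02", "FortiOS", "7.0.12"),
    ("pam-01", "FortiPAM", "1.0.3"),
    ("mail-01", "FortiMail", "6.4.6"),
    ("proxy-01", "FortiProxy", "7.2.5"),
]


def findings(inventory, ranges) -> list:
    """Return (host, product, version, cve, fix) for every advisory row a device matches."""
    hits = []
    for host, product, version in inventory:
        installed = parse_version(version)
        for r in ranges:
            if r.product == product and r.contains(installed):
                hits.append((host, product, version, r.cve, r.fix))
    return hits


if __name__ == "__main__":
    for host, product, version, cve, fix in findings(INVENTORY, load_all()):
        print(f"{host:<12} {product} {version:<8} {cve}: {fix}")
```

A device that matches more than one advisory (fw-edge-01 on FortiOS 7.0.3 above is inside the affected ranges of both CVE-2023-41678 and CVE-2023-36639) should be taken to the highest of the listed fix versions in one step; a device on a branch marked "all versions" has no in-branch fix and needs a migration rather than a point upgrade.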
If you need assistance dealing with these vulnerabilities or applying the Fortinet security updates, please contact us by calling (502) 240-0404 or emailing info@mirazon.com.