Fortinet FortiOS Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet FortiOS. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, security restriction bypass, sensitive information disclosure and remote code execution on the targeted system.
Note: These vulnerabilities were reported as being used in scattered attacks.
[Updated 1-12-2020] Note: Added vendor official update regarding CVE-2018-13379.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- FortiOS 6.0, 5.6, 5.4
Systems are affected only if the SSL VPN service (web-mode or tunnel-mode) is enabled.
Solutions
Before installing the software, please visit the vendor website for more details.
- For details, please refer to the links below:
https://fortiguard.com/psirt/FG-IR-18-384
https://fortiguard.com/psirt/FG-IR-18-388
https://fortiguard.com/psirt/FG-IR-18-389
https://www.fortinet.com/blog/business-and-technology/update-regarding-cve-2018-13379
Vulnerability Identifier
Source
Related Link
- https://www.fortinet.com/blog/business-and-technology/update-regarding-cve-2018-13379
- https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities
- https://www.us-cert.gov/ncas/current-activity/2019/10/04/vulnerabilities-exploited-multiple-vpn-applications
- https://fortiguard.com/psirt/FG-IR-18-389
- https://fortiguard.com/psirt/FG-IR-18-388
- https://fortiguard.com/psirt/FG-IR-18-384