Fortinet Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, denial of service, elevation of privilege and security restriction bypass on the targeted system.
Note:
CVE-2023-27997 may have been exploited in a limited number of cases.
Impact
- Security Restriction Bypass
- Information Disclosure
- Remote Code Execution
- Elevation of Privilege
- Denial of Service
System / Technologies affected
- FortiADC 5.2 all versions
- FortiADC 5.3 all versions
- FortiADC 5.4 all versions
- FortiADC 6.0 all versions
- FortiADC 6.1 all versions
- FortiADC 6.2 all versions
- FortiADC 7.0 all versions
- FortiADC version 7.1.0 through 7.1.2
- FortiADC version 7.2.0
- FortiADCManager 5.2 all versions
- FortiADCManager 5.3 all versions
- FortiADCManager 5.4 all versions
- FortiADCManager 6.0 all versions
- FortiADCManager 6.1 all versions
- FortiADCManager 6.2 all versions
- FortiADCManager version 7.0.0
- FortiADCManager version 7.1.0
- FortiClientWindows version 6.4.0 through 6.4.8
- FortiClientWindows version 7.0.0 through 7.0.6
- FortiConverter 6.0 all versions
- FortiConverter 6.2 all versions
- FortiConverter version 7.0.0
- FortiNAC 8.5 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.8 all versions
- FortiNAC 9.1 all versions
- FortiNAC version 9.2.0 through 9.2.7
- FortiNAC version 9.4.0 through 9.4.2
- FortiNAC-F version 7.2.0
- FortiOS 6.0 all versions
- FortiOS 6.2 all versions
- FortiOS 6.4 all versions
- FortiOS 7.0 all versions
- FortiOS 7.2 all versions
- FortiOS-6K7K version 6.0.10
- FortiOS-6K7K version 6.0.12 through 6.0.16
- FortiOS-6K7K version 6.2.4
- FortiOS-6K7K version 6.2.6 through 6.2.7
- FortiOS-6K7K version 6.2.9 through 6.2.13
- FortiOS-6K7K version 6.4.10
- FortiOS-6K7K version 6.4.12
- FortiOS-6K7K version 6.4.2
- FortiOS-6K7K version 6.4.6
- FortiOS-6K7K version 6.4.8
- FortiOS-6K7K version 7.0.10
- FortiOS-6K7K version 7.0.5
- FortiProxy 1.0 all versions
- FortiProxy 1.1 all versions
- FortiProxy 1.2 all versions
- FortiProxy 2.0 all versions
- FortiProxy 7.0 all versions
- FortiProxy version 7.2.0 through 7.2.3
- FortiSwitchManager version 7.0.0 through 7.0.1
- FortiSwitchManager version 7.2.0 through 7.2.1
- FortiWeb 6.3 all versions
- FortiWeb 6.4 all versions
- FortiWeb version 7.0.0 through 7.0.6
- FortiWeb version 7.2.0 through 7.2.1
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
- https://www.fortiguard.com/psirt/FG-IR-23-125
- https://www.fortiguard.com/psirt/FG-IR-23-119
- https://www.fortiguard.com/psirt/FG-IR-23-111
- https://www.fortiguard.com/psirt/FG-IR-23-097
- https://www.fortiguard.com/psirt/FG-IR-22-380
- https://www.fortiguard.com/psirt/FG-IR-22-393
- https://www.fortiguard.com/psirt/FG-IR-23-076
- https://www.fortiguard.com/psirt/FG-IR-23-095
- https://www.fortiguard.com/psirt/FG-IR-22-463
- https://www.fortiguard.com/psirt/FG-IR-22-494
- https://www.fortiguard.com/psirt/FG-IR-22-375
- https://www.fortiguard.com/psirt/FG-IR-23-107
- https://www.fortiguard.com/psirt/FG-IR-22-468
- https://www.fortiguard.com/psirt/FG-IR-22-229
- https://www.fortiguard.com/psirt/FG-IR-22-455
- https://www.fortiguard.com/psirt/FG-IR-22-521
- https://www.fortiguard.com/psirt/FG-IR-22-332
Vulnerability Identifier
- CVE-2022-33877
- CVE-2022-39946
- CVE-2022-41327
- CVE-2022-42474
- CVE-2022-43953
- CVE-2023-22633
- CVE-2023-22639
- CVE-2023-26207
- CVE-2023-26210
- CVE-2023-27997
- CVE-2023-28000
- CVE-2023-29175
- CVE-2023-29178
- CVE-2023-29179
- CVE-2023-29180
- CVE-2023-29181
- CVE-2023-33305
Related Link
- https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign