Fortinet Products Multiple Vulnerabilities

Impact

• Cross-Site Scripting
• Security Restriction Bypass
• Information Disclosure
• Data Manipulation
• Remote Code Execution

System / Technologies affected

• FortiOS versions 7.4.0 through 7.4.3
• FortiOS versions 7.2.5 through 7.2.7
• FortiOS versions 7.0.12 through 7.0.14
• FortiOS versions 6.4.13 through 6.4.1
• FortiSOAR version 7.4.0
• FortiSOAR versions 7.3.0 through 7.3.2
• FortiSOAR 7.2 all versions
• FortiSOAR 7.0 all versions
• FortiSOAR 6.4 all versions
• FortiAnalyzer versions 7.4.0 through 7.4.1
• FortiAnalyzer versions 7.2.0 through 7.2.4
• FortiAnalyzer versions 7.0.0 through 7.0.10
• FortiManager versions 7.4.0 through 7.4.1
• FortiManager versions 7.2.0 through 7.2.4
• FortiManager versions 7.0.0 through 7.0.10
• FortiDDoS version 5.7.0
• FortiDDoS versions 5.6.0 through 5.6.1
• FortiDDoS 5.5 all versions
• FortiDDoS 5.4 all versions
• FortiDDoS 5.3 all versions
• FortiDDoS 5.2 all versions
• FortiDDoS 5.1 all versions
• FortiDDoS 5 all versions
• FortiDDoS 4.7 all versions
• FortiDDoS 4.6 all versions
• FortiDDoS 4.5 all versions
• FortiDDoS-F version 6.5.0
• FortiDDoS-F versions 6.4.0 through 6.4.1
• FortiDDoS-F 6.3 all versions
• FortiDDoS-F 6.2 all versions
• FortiDDoS-F 6.1 all versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-24-012
• https://fortiguard.fortinet.com/psirt/FG-IR-23-088
• https://www.fortiguard.com/psirt/FG-IR-23-467
• https://www.fortiguard.com/psirt/FG-IR-22-047

Vulnerability Identifier

• CVE-2022-27486
• CVE-2023-26211
• CVE-2024-21757
• CVE-2024-36505

Source

• Fortinet

Related Link

• https://www.fortiguard.com/psirt/FG-IR-24-012
• https://fortiguard.fortinet.com/psirt/FG-IR-23-088
• https://www.fortiguard.com/psirt/FG-IR-23-467
• https://www.fortiguard.com/psirt/FG-IR-22-047