
Fortinet Products Multiple Vulnerabilities

Last Update Date: 12 Feb 2025 Release Date: 15 Jan 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS


Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, remote code execution, sensitive information disclosure, security restriction bypass, data manipulation, denial of service and spoofing on the targeted system.

 

Note: 

CVE-2024-55591 is being exploited in the wild. Successful exploitation allows remote attackers to gain super-admin privileges by making malicious requests to the Node.js websocket module.

 

[Updated on 2025-01-20]

Updated Impact, Description and Vulnerability Identifier

 

[Updated on 2025-02-12]

Updated Vulnerability Identifier


Impact

  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Spoofing
  • Denial of Service
  • Elevation of Privilege

System / Technologies affected

FortiAnalyzer

  • FortiAnalyzer 6.0 all versions
  • FortiAnalyzer 6.2 all versions
  • FortiAnalyzer 6.4 all versions
  • FortiAnalyzer 7.0 all versions
  • FortiAnalyzer 7.2.0 through 7.2.5
  • FortiAnalyzer 7.4.0 through 7.4.3
  • FortiAnalyzer 7.6.0 through 7.6.1
  • FortiAnalyzer Cloud 7.4.1 through 7.4.3

FortiAP

  • FortiAP 6.4 all versions
  • FortiAP 7.0 all versions
  • FortiAP 7.2.0 through 7.2.3
  • FortiAP 7.4.0 through 7.4.2
  • FortiAP-S 6.2 all versions
  • FortiAP-S 6.4.0 through 6.4.9
  • FortiAP-W2 6.4 all versions
  • FortiAP-W2 7.0 all versions
  • FortiAP-W2 7.2.0 through 7.2.3
  • FortiAP-W2 7.4.0 through 7.4.2

FortiManager

  • FortiManager 6.0 all versions
  • FortiManager 6.2 all versions
  • FortiManager 6.4 all versions
  • FortiManager 7.0 all versions
  • FortiManager 7.2.0 through 7.2.8
  • FortiManager 7.4.0 through 7.4.5
  • FortiManager 7.6.0 through 7.6.1
  • FortiManager Cloud 7.0.1 through 7.0.12
  • FortiManager Cloud 7.2.1 through 7.2.7
  • FortiManager Cloud 7.4.0 through 7.4.4
  • FortiManager Cloud 7.6.0 through 7.6.1

FortiOS

  • FortiOS 6.2 all versions
  • FortiOS 6.4 all versions
  • FortiOS 7.0 all versions
  • FortiOS 7.2 all versions
  • FortiOS 7.4.0 through 7.4.4
  • FortiOS 7.6.0

FortiProxy

  • FortiProxy 1.0 all versions
  • FortiProxy 1.1 all versions
  • FortiProxy 1.2 all versions
  • FortiProxy 2.0 all versions
  • FortiProxy 7.0.0 through 7.0.19
  • FortiProxy 7.2.0 through 7.2.12
  • FortiProxy 7.4.0 through 7.4.5

FortiClientWindows

  • FortiClientWindows 6.4 all versions
  • FortiClientWindows 7.0 all versions
  • FortiClientWindows 7.2 all versions
  • FortiClientWindows 7.4.0

FortiClientEMS

  • FortiClientEMS 6.2 all versions
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS 7.0.0 through 7.0.10
  • FortiClientEMS 7.2.0 through 7.2.3

FortiWeb

  • FortiWeb 6.4 all versions
  • FortiWeb 7.0 all versions
  • FortiWeb 7.2 all versions
  • FortiWeb 7.4.0 through 7.4.4
  • FortiWeb 7.6.0

Solutions

Before installing the software, please visit the vendor website for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link