
Fortinet Products Multiple Vulnerabilities

Release Date: 15 Jan 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, security restriction bypass, data manipulation, denial of service and spoofing on the targeted system.

 

Note: CVE-2024-55591 is being exploited in the wild. Successful exploitation allows remote attackers to gain super-admin privileges by making malicious requests to the Node.js websocket module.

 


Impact

  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Spoofing
  • Denial of Service

System / Technologies affected

FortiAnalyzer

  • FortiAnalyzer 6.0 all versions
  • FortiAnalyzer 6.2 all versions
  • FortiAnalyzer 6.4 all versions
  • FortiAnalyzer 7.0 all versions
  • FortiAnalyzer 7.2.0 through 7.2.5
  • FortiAnalyzer 7.4.0 through 7.4.3
  • FortiAnalyzer 7.6.0 through 7.6.1
  • FortiAnalyzer Cloud 7.4.1 through 7.4.3

FortiAP

  • FortiAP 6.4 all versions
  • FortiAP 7.0 all versions
  • FortiAP 7.2.0 through 7.2.3
  • FortiAP 7.4.0 through 7.4.2
  • FortiAP-S 6.2 all versions
  • FortiAP-S 6.4.0 through 6.4.9
  • FortiAP-W2 6.4 all versions
  • FortiAP-W2 7.0 all versions
  • FortiAP-W2 7.2.0 through 7.2.3
  • FortiAP-W2 7.4.0 through 7.4.2

FortiManager

  • FortiManager 6.0 all versions
  • FortiManager 6.2 all versions
  • FortiManager 6.4 all versions
  • FortiManager 7.0 all versions
  • FortiManager 7.2.0 through 7.2.8
  • FortiManager 7.4.0 through 7.4.5
  • FortiManager 7.6.0 through 7.6.1
  • FortiManager Cloud 7.0.1 through 7.0.12
  • FortiManager Cloud 7.2.1 through 7.2.7
  • FortiManager Cloud 7.4.0 through 7.4.4
  • FortiManager Cloud 7.6.0 through 7.6.1

FortiOS

  • FortiOS 6.2 all versions
  • FortiOS 6.4 all versions
  • FortiOS 7.0 all versions
  • FortiOS 7.2 all versions
  • FortiOS 7.4.0 through 7.4.4
  • FortiOS 7.6.0

FortiProxy

  • FortiProxy 1.0 all versions
  • FortiProxy 1.1 all versions
  • FortiProxy 1.2 all versions
  • FortiProxy 2.0 all versions
  • FortiProxy 7.0.0 through 7.0.19
  • FortiProxy 7.2.0 through 7.2.12
  • FortiProxy 7.4.0 through 7.4.5

FortiClientWindows

  • FortiClientWindows 6.4 all versions
  • FortiClientWindows 7.0 all versions
  • FortiClientWindows 7.2 all versions
  • FortiClientWindows 7.4.0

FortiClientEMS

  • FortiClientEMS 6.2 all versions
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS 7.0.0 through 7.0.10
  • FortiClientEMS 7.2.0 through 7.2.3

FortiWeb

  • FortiWeb 6.4 all versions
  • FortiWeb 7.0 all versions
  • FortiWeb 7.2 all versions
  • FortiWeb 7.4.0 through 7.4.4
  • FortiWeb 7.6.0

Solutions

Before installing the software, please visit the vendor website for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link