Description:
Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Affected Systems:
- FortiOS version 6.0 (all versions), 6.2 (all versions), 6.4 (all versions), 7.0.0 through 7.0.14, 7.2.0 through 7.2.7
- FortiClientWindows version 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.4, 7.4.0
- FortiClientLinux version 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.4, 7.4.0
- FortiClientMac version 6.4 (all versions), 7.0 (all versions), 7.2.0 through 7.2.4, 7.4.0
- FortiPAM version 1.0 (all versions), 1.1 (all versions), 1.2 (all versions)
- FortiProxy version 1.0 (all versions), 1.1 (all versions), 1.2 (all versions), 2.0 (all versions), 7.0.0 through 7.0.16, 7.2.0 through 7.2.9, 7.4.0 through 7.4.3
- FortiSwitchManager version 7.0.1 through 7.0.3, 7.2.0 through 7.2.3
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution or security restriction bypass of affected system.
Recommendation:
Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.fortiguard.com/psirt/FG-IR-24-036
- https://www.fortiguard.com/psirt/FG-IR-24-170
- https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20240613
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26010