Description:
Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Affected Systems:
- FortiOS version 7.0 (all versions), version 7.2 (all versions), 7.4.0 through 7.4.3
- FortiProxy version 7.0 (all versions), version 7.2 (all versions), 7.4.0 through 7.4.3
- FortiWeb version 6.3 (all versions), version 6.4 (all versions), version 7.0 (all versions), 7.2.0 through 7.2.1
Impact:
Successful exploitation of the vulnerabilities could lead to information disclosure, security restriction bypass, spoofing or tampering of affected system.
Recommendation:
Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.fortiguard.com/psirt/FG-IR-22-326
- https://www.fortiguard.com/psirt/FG-IR-23-446
- https://www.fortiguard.com/psirt/FG-IR-23-485
- https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20240710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26006
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26015
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33509