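Description:
Fortinet has released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could send specially crafted requests to an affected system to launch an attack.
Affected systems: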
- FortiAnalyzer
- FortiClientEMS
- FortiIsolator
- FortiManager
- FortiOS
- FortiProxy
- FortiWeb
- FortiSwitch
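For details of the affected products, refer to the "Affected Products" section of the corresponding security advisories on the vendor's website.
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.
Recommendation:
Patches for the affected systems are available. System administrators of affected systems should follow the vendor's recommendations and take immediate action to mitigate the risk.
Further information: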
- https://fortiguard.fortinet.com/psirt/FG-IR-23-165
- https://fortiguard.fortinet.com/psirt/FG-IR-24-392
- https://fortiguard.fortinet.com/psirt/FG-IR-24-435
- https://fortiguard.fortinet.com/psirt/FG-IR-24-046
- https://fortiguard.fortinet.com/psirt/FG-IR-24-397
- https://fortiguard.fortinet.com/psirt/FG-IR-24-453
- https://fortiguard.fortinet.com/psirt/FG-IR-24-111
- https://fortiguard.fortinet.com/psirt/FG-IR-24-184
- https://fortiguard.fortinet.com/psirt/FG-IR-23-344
- https://fortiguard.fortinet.com/psirt/FG-IR-24-474
- https://www.hkcert.org/tc/security-bulletin/fortinet-products-multiple-vulnerabilities_new_20250409
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37930
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26013
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48887
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52962
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25254