Refine your search
34 vulnerabilities found for FortiADC by Fortinet
CVE-2025-58412 (GCVE-0-2025-58412)
Vulnerability from nvd
Published
2025-11-19 09:49
Modified
2025-11-20 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Execute unauthorized code or commands
Summary
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 8.0.0 Version: 7.6.0 ≤ 7.6.3 Version: 7.4.0 ≤ 7.4.9 Version: 7.2.0 ≤ 7.2.8 cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:55:21.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:36:14.427Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58412",
"datePublished": "2025-11-19T09:49:04.525Z",
"dateReserved": "2025-09-01T09:44:13.174Z",
"dateUpdated": "2025-11-20T16:36:14.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54971 (GCVE-0-2025-54971)
Vulnerability from nvd
Published
2025-11-18 17:01
Modified
2025-11-19 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information disclosure
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.8 Version: 7.1.0 ≤ 7.1.5 Version: 7.0.0 ≤ 7.0.6 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:16:46.116202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:16:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:17.182Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.6.0 or above\nUpgrade to FortiADC version 7.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54971",
"datePublished": "2025-11-18T17:01:17.182Z",
"dateReserved": "2025-08-04T08:14:35.421Z",
"dateUpdated": "2025-11-19T14:16:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48839 (GCVE-0-2025-48839)
Vulnerability from nvd
Published
2025-11-18 17:01
Modified
2025-11-19 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Execute unauthorized code or commands
Summary
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 8.0.0 Version: 7.6.0 ≤ 7.6.2 Version: 7.4.0 ≤ 7.4.7 Version: 7.2.0 ≤ 7.2.8 Version: 7.1.0 ≤ 7.1.5 Version: 7.0.0 ≤ 7.0.6 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:25.620Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.3 or above\nUpgrade to FortiADC version 7.4.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-48839",
"datePublished": "2025-11-18T17:01:25.620Z",
"dateReserved": "2025-05-27T08:00:40.714Z",
"dateUpdated": "2025-11-19T04:55:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58412 (GCVE-0-2025-58412)
Vulnerability from cvelistv5
Published
2025-11-19 09:49
Modified
2025-11-20 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Execute unauthorized code or commands
Summary
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 8.0.0 Version: 7.6.0 ≤ 7.6.3 Version: 7.4.0 ≤ 7.4.9 Version: 7.2.0 ≤ 7.2.8 cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T04:55:21.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.3",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow attacker to execute unauthorized code or commands via crafted URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T16:36:14.427Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-736"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-58412",
"datePublished": "2025-11-19T09:49:04.525Z",
"dateReserved": "2025-09-01T09:44:13.174Z",
"dateUpdated": "2025-11-20T16:36:14.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48839 (GCVE-0-2025-48839)
Vulnerability from cvelistv5
Published
2025-11-18 17:01
Modified
2025-11-19 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Execute unauthorized code or commands
Summary
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 8.0.0 Version: 7.6.0 ≤ 7.6.2 Version: 7.4.0 ≤ 7.4.7 Version: 7.2.0 ≤ 7.2.8 Version: 7.1.0 ≤ 7.1.5 Version: 7.0.0 ≤ 7.0.6 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:33.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "8.0.0"
},
{
"lessThanOrEqual": "7.6.2",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.7",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-bounds Write vulnerability [CWE-787] in FortiADC 8.0.0, 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:25.620Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-225"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 8.0.1 or above\nUpgrade to FortiADC version 7.6.3 or above\nUpgrade to FortiADC version 7.4.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-48839",
"datePublished": "2025-11-18T17:01:25.620Z",
"dateReserved": "2025-05-27T08:00:40.714Z",
"dateUpdated": "2025-11-19T04:55:33.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54971 (GCVE-0-2025-54971)
Vulnerability from cvelistv5
Published
2025-11-18 17:01
Modified
2025-11-19 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information disclosure
Summary
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiADC |
Version: 7.4.0 Version: 7.2.0 ≤ 7.2.8 Version: 7.1.0 ≤ 7.1.5 Version: 7.0.0 ≤ 7.0.6 Version: 6.2.0 ≤ 6.2.6 cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:16:46.116202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:16:51.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.4.0"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.5",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.6",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password via the logs of the product"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:01:17.182Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-686"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiADC version 7.6.0 or above\nUpgrade to FortiADC version 7.4.3 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54971",
"datePublished": "2025-11-18T17:01:17.182Z",
"dateReserved": "2025-08-04T08:14:35.421Z",
"dateUpdated": "2025-11-19T14:16:51.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2025-AVI-1023
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Fortinet indique que la vulnérabilité CVE-2025-58034 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | N/A | FortiExtender versions antérieures à 7.4.8 | ||
| Fortinet | FortiSASE | FortiSASE versions antérieures à 25.3.c | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.2.11 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.6 (à venir) | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.6.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 8.0.x antérieures à 8.0.2 | ||
| Fortinet | FortiADC | FortiADC versions 8.0.x antérieures à 8.0.1 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.6.4 | ||
| Fortinet | N/A | FortiExtender versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions à 4.4.8 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.6 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
"product": {
"name": "FortiSASE",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions \u00e0 4.4.8",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-46215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
},
{
"name": "CVE-2025-58412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
},
{
"name": "CVE-2025-54821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
},
{
"name": "CVE-2025-46776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
},
{
"name": "CVE-2025-46775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
},
{
"name": "CVE-2025-59669",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
},
{
"name": "CVE-2025-54660",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
},
{
"name": "CVE-2025-47761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
},
{
"name": "CVE-2025-48839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
},
{
"name": "CVE-2025-53843",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
},
{
"name": "CVE-2025-61713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
},
{
"name": "CVE-2025-54971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
},
{
"name": "CVE-2025-58692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
},
{
"name": "CVE-2025-54972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
},
{
"name": "CVE-2025-58413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
},
{
"name": "CVE-2025-58034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
},
{
"name": "CVE-2025-46373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
}
],
"initial_release_date": "2025-11-19T00:00:00",
"last_revision_date": "2025-11-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
}
]
}
CERTFR-2025-AVI-0871
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDLP | FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x et 7.0.x | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiTester | FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.0.7 à 6.0.12 | ||
| Fortinet | FortiClient | FortiClientMac toutes versions 7.0.x | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise toutes versions 7.3.x et 7.4.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiPAM | FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x | ||
| Fortinet | FortiSRA | FortiSRA versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiDLP | FortiDLP versions 12.2.x et antérieures à 12.2.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiNDR | FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiManager | FortiManager Cloud toutes versions 6.4.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiSIEM | FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiIsolator | FortiIsolator versions 2.4.x antérieures à 2.4.5 | ||
| Fortinet | FortiTester | FortiTester version 7.4 antérieures à 7.4.3 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiIsolator | FortiIsolator toutes versions 2.3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud toutes versions 6.4.x | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x et 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
"product": {
"name": "FortiDLP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud toutes versions 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester version 7.4 ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator toutes versions 2.3.x",
"product": {
"name": "FortiIsolator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud toutes versions 6.4.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
},
{
"name": "CVE-2025-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
},
{
"name": "CVE-2025-31365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
},
{
"name": "CVE-2025-49201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
},
{
"name": "CVE-2025-54822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
},
{
"name": "CVE-2025-57741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
},
{
"name": "CVE-2025-58903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
},
{
"name": "CVE-2025-31514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
},
{
"name": "CVE-2025-25253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
},
{
"name": "CVE-2024-33507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
},
{
"name": "CVE-2025-25255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
},
{
"name": "CVE-2023-46718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
},
{
"name": "CVE-2025-47890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
},
{
"name": "CVE-2025-54988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
},
{
"name": "CVE-2024-26008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
},
{
"name": "CVE-2025-25252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
},
{
"name": "CVE-2024-48891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
},
{
"name": "CVE-2025-59921",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
},
{
"name": "CVE-2025-53951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
},
{
"name": "CVE-2025-53950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
},
{
"name": "CVE-2025-58324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
},
{
"name": "CVE-2025-53845",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
},
{
"name": "CVE-2024-50571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
},
{
"name": "CVE-2025-46774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
},
{
"name": "CVE-2025-31366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
},
{
"name": "CVE-2025-57716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
},
{
"name": "CVE-2024-47569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
},
{
"name": "CVE-2025-22258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
},
{
"name": "CVE-2025-57740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
},
{
"name": "CVE-2025-54973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
},
{
"name": "CVE-2025-54658",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0871",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
}
]
}
CERTFR-2025-AVI-0679
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.1.x antérieures à 7.1.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.0.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.11 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.5.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.4.8 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.5.x antérieures à 1.5.1 | ||
| Fortinet | FortiCamera | FortiCamera versions 2.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.4.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.2.10 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.7.10 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.0.1 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.4.4 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.2 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.6.x antérieures à 7.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions 2.1.x toutes versions",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
},
{
"name": "CVE-2025-47857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
},
{
"name": "CVE-2025-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
},
{
"name": "CVE-2024-48892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
},
{
"name": "CVE-2025-53744",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
},
{
"name": "CVE-2024-52964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
},
{
"name": "CVE-2025-49813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
},
{
"name": "CVE-2025-25256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
},
{
"name": "CVE-2025-52970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
},
{
"name": "CVE-2025-27759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
},
{
"name": "CVE-2025-32932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
},
{
"name": "CVE-2024-26009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
},
{
"name": "CVE-2024-40588",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
},
{
"name": "CVE-2023-45584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
}
]
}
CERTFR-2025-AVI-0496
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.9 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 7.2.x | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.1.x | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.2 | ||
| Fortinet | FortiADC | FortiADC toutes versions 7.0.x | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.4.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 1.2.x | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiOS | FortiOS toutes versions 7.0.x | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiOS | FortiOS toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientWindows toutes versions 7.0.x | ||
| Fortinet | FortiClient | FortiClientEMS toutes versions 6.4.x | ||
| Fortinet | FortiOS | FortiOS toutes versions 7.2.x | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.3.x antérieures à 1.3.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.5 | ||
| Fortinet | FortiSRA | FortiSRA versions 1.4.x antérieures à 1.4.2 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 2.0.x | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiADC | FortiADC toutes versions 6.1.x | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiProxy | FortiProxy toutes versions 7.0.x | ||
| Fortinet | FortiADC | FortiADC versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.2.x antérieures à 1.2.1 | ||
| Fortinet | FortiClient | FortiClientEMS toutes versions 6.2.x | ||
| Fortinet | FortiPAM | FortiPAM versions 1.0.x antérieures à 1.0.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.1.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 7.0.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.4.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 1.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 7.0.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 6.2.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows toutes versions 7.0.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS toutes versions 6.4.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS toutes versions 7.2.x",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.2.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.3.x ant\u00e9rieures \u00e0 1.3.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "FortiSRA",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC toutes versions 6.1.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy toutes versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.2.x ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS toutes versions 6.2.x",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.0.x ant\u00e9rieures \u00e0 1.0.4",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-32119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32119"
},
{
"name": "CVE-2023-48786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48786"
},
{
"name": "CVE-2024-50562",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50562"
},
{
"name": "CVE-2025-22256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22256"
},
{
"name": "CVE-2023-29184",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29184"
},
{
"name": "CVE-2024-54019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54019"
},
{
"name": "CVE-2025-24471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24471"
},
{
"name": "CVE-2025-31104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31104"
},
{
"name": "CVE-2024-45329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45329"
},
{
"name": "CVE-2024-50568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50568"
},
{
"name": "CVE-2025-25250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25250"
},
{
"name": "CVE-2025-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22251"
},
{
"name": "CVE-2025-22254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22254"
},
{
"name": "CVE-2025-22862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22862"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0496",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-385",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-385"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-274",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-274"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-257",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-257"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-099",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-099"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-375",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-375"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-058",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-058"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-008",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-008"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-006",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-006"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-287",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-287"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-342",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-342"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-008",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-008"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-544",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-544"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-339",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-339"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-365",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-365"
}
]
}
CERTFR-2025-AVI-0197
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.4.4 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | N/A | FortiSRA versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.3.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.4.x antérieures à 1.4.3 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.16 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.6 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.6.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.4.16 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiIsolator versions 2.4.x antérieures à 2.4.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 5.0.x antérieures à 5.0.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.4.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-54026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
},
{
"name": "CVE-2024-45328",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
},
{
"name": "CVE-2024-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
},
{
"name": "CVE-2024-54018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
},
{
"name": "CVE-2024-54027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
},
{
"name": "CVE-2023-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
},
{
"name": "CVE-2023-48790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
},
{
"name": "CVE-2024-32123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
},
{
"name": "CVE-2024-55590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
},
{
"name": "CVE-2024-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
},
{
"name": "CVE-2023-40723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
},
{
"name": "CVE-2023-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
},
{
"name": "CVE-2024-55597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
},
{
"name": "CVE-2024-55592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
},
{
"name": "CVE-2024-33501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
},
{
"name": "CVE-2024-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
},
{
"name": "CVE-2024-45324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
},
{
"name": "CVE-2024-55594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
}
],
"initial_release_date": "2025-03-12T00:00:00",
"last_revision_date": "2025-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0197",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
}
]
}
CERTFR-2025-AVI-0031
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.2.5 | ||
| Fortinet | FortiDDoS-F | FortiDDoS-F versions antérieures à 6.3.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 7.0.5 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiSOAR | Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.16 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiWLC | FortiWLC versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiPortal | FortiPortal versions 6.0.x antérieures à 6.0.15 | ||
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.4.0 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiMail | FortiMail versions 6.4x antérieures à 6.4.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions antérieures à 6.0.10 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions antérieures à 7.2.4 | ||
| Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.2.5 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.10 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.1 | ||
| Fortinet | FortiAP | FortiAP versions antérieures à 7.2.4 | ||
| Fortinet | FortiSwitch | FortiSwitch versions antérieures à 6.2.8 | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.4.1 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.2.2 Security Patch 9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 6.0.1 | ||
| Fortinet | FortiAP-S | FortiAP-S versions antérieures à 6.4.10 | ||
| Fortinet | FortiVoiceEnterprise | FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions antérieures à 6.3.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.19 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager Cloud versions antérieures à 7.0.13 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiAP | FortiAP versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.5 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.14 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.2.2 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.12 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer Cloud versions antérieures à 7.0.12 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.15 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.3 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.4.0 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.1.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.0.5 | ||
| Fortinet | FortiAP-W2 | FortiAP-W2 versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.7 | ||
| Fortinet | FortiADC | FortiADC versions 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiTester | FortiTester versions antérieures à 7.2.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAuthenticator | FortiAuthenticator versions 6.4.x antérieures à 6.4.1 | ||
| Fortinet | FortiVoice | FortiVoice versions antérieures à 6.4.10 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.12 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.5.x antérieures à 7.5.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiDDoS-F",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "FortiWLC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiAP-S",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
"product": {
"name": "FortiVoiceEnterprise",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiAP-W2",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiTester",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiAuthenticator",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
},
{
"name": "CVE-2023-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
},
{
"name": "CVE-2024-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
},
{
"name": "CVE-2023-42786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
},
{
"name": "CVE-2024-35280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
},
{
"name": "CVE-2024-35273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
},
{
"name": "CVE-2024-48884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
},
{
"name": "CVE-2024-46666",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
},
{
"name": "CVE-2022-23439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
},
{
"name": "CVE-2024-47571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
},
{
"name": "CVE-2024-35275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
},
{
"name": "CVE-2024-47573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
},
{
"name": "CVE-2024-52963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
},
{
"name": "CVE-2023-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
},
{
"name": "CVE-2024-33503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
},
{
"name": "CVE-2024-55593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
},
{
"name": "CVE-2024-48885",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
},
{
"name": "CVE-2024-46662",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
},
{
"name": "CVE-2024-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
},
{
"name": "CVE-2024-48893",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
},
{
"name": "CVE-2024-47566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
},
{
"name": "CVE-2024-52969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
},
{
"name": "CVE-2024-35276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
},
{
"name": "CVE-2024-40587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
},
{
"name": "CVE-2024-36512",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
},
{
"name": "CVE-2023-46715",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
},
{
"name": "CVE-2024-36510",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
},
{
"name": "CVE-2024-56497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
},
{
"name": "CVE-2024-46665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
},
{
"name": "CVE-2024-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
},
{
"name": "CVE-2024-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
},
{
"name": "CVE-2024-52967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
},
{
"name": "CVE-2023-37936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
},
{
"name": "CVE-2024-46668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
},
{
"name": "CVE-2024-35278",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
},
{
"name": "CVE-2024-26012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
},
{
"name": "CVE-2024-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
},
{
"name": "CVE-2024-23106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
},
{
"name": "CVE-2024-54021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
},
{
"name": "CVE-2024-46669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
},
{
"name": "CVE-2023-5217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
},
{
"name": "CVE-2023-42785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
},
{
"name": "CVE-2024-36504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
},
{
"name": "CVE-2024-35277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2024-48886",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
},
{
"name": "CVE-2024-50564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
},
{
"name": "CVE-2024-33502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
},
{
"name": "CVE-2024-45331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
},
{
"name": "CVE-2024-50563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
},
{
"name": "CVE-2024-36506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
},
{
"name": "CVE-2024-46667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
},
{
"name": "CVE-2024-46670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
},
{
"name": "CVE-2024-47572",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
}
],
"initial_release_date": "2025-01-15T00:00:00",
"last_revision_date": "2025-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0031",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
},
{
"published_at": "2025-01-15",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
}
]
}
CERTFR-2024-AVI-0763
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions antérieures à 7.2.5 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.4.5 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.4.x antérieures à 7.4.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions antérieures à 7.2.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 4.2.7 | ||
| Fortinet | FortiClient | FortiClientWindows versions antérieures à 7.0.12 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiClient | FortiClientEMS versions antérieures à 7.0.13 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientEMS Cloud versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiClient | FortiClientEMS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.5 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientLinux versions antérieures à 7.2.5 | ||
| Fortinet | FortiClient | FortiClientiOS versions antérieures à 7.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiClient | FortiClientAndroid versions antérieures à 7.2.1 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.3.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.0 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.5 | ||
| Fortinet | FortiEDR Manager | FortiEDR Manager versions antérieures à 6.2.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientiOS versions ant\u00e9rieures \u00e0 7.4",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientAndroid versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.3.3",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR Manager versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "FortiEDR Manager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-44254",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44254"
},
{
"name": "CVE-2024-35282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35282"
},
{
"name": "CVE-2024-31490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31490"
},
{
"name": "CVE-2024-45323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45323"
},
{
"name": "CVE-2024-36511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36511"
},
{
"name": "CVE-2024-33508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33508"
},
{
"name": "CVE-2022-45856",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45856"
},
{
"name": "CVE-2024-31489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31489"
},
{
"name": "CVE-2024-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21753"
},
{
"name": "CVE-2024-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4863"
}
],
"initial_release_date": "2024-09-11T00:00:00",
"last_revision_date": "2024-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0763",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-282",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-282"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-123",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-123"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-256",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-256"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-139",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-139"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-051",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-051"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-204",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-204"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-371",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-371"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-230",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-230"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-362",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-362"
},
{
"published_at": "2024-09-10",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-048",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-048"
}
]
}
CERTFR-2024-AVI-0404
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | FortiProxy 7.0.x versions antérieures à 7.0.14 | ||
| Fortinet | FortiProxy | FortiProxy 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiWebManager 6.0.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions pour la vulnérabilité CVE-2024-23665 | ||
| Fortinet | FortiNAC | FortiNAC 8.7.x toutes versions | ||
| Fortinet | FortiNAC | FortiNAC 8.8.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiSOAR | FortiSOAR 7.0.x toutes versions | ||
| Fortinet | N/A | FortiAuthenticator 6.6.x versions antérieures à 6.6.1 | ||
| Fortinet | FortiSOAR | FortiSOAR cyops Connector versions antérieures à 2.1.0 | ||
| Fortinet | FortiNAC | FortiNAC 9.4.x versions antérieures à 9.4.5 | ||
| Fortinet | FortiProxy | FortiProxy 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager 7.0.x versions antérieures à 7.0.3 | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | FortiNAC | FortiNAC 9.2.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.2.x toutes versions | ||
| Fortinet | N/A | FortiAuthenticator 6.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.0.x versions antérieures à 7.0.13 | ||
| Fortinet | FortiPortal | FortiPortal 7.0.x versions antérieures à 7.0.7 | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiSOAR | FortiSOAR 7.3.x versions antérieures à 7.3.1 | ||
| Fortinet | FortiPAM | FortiPAM 1.1.x versions antérieures à 1.1.1 | ||
| Fortinet | FortiSOAR | FortiSOAR 7.2.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.1.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 4.4.x versions antérieures à 4.4.5 | ||
| Fortinet | N/A | FortiVoice 7.0.x versions antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy 1.2.x toutes versions | ||
| Fortinet | N/A | FortiWebManager 7.0.x versions antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiWebManager 6.3.x versions antérieures à 6.3.1 | ||
| Fortinet | FortiProxy | FortiProxy 2.0.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x versions antérieures à 7.0.9 | ||
| Fortinet | FortiWeb | FortiWeb 7.4.x versions antérieures à 7.4.3 | ||
| Fortinet | N/A | FortiWebManager 6.2.x versions antérieures à 6.2.5 | ||
| Fortinet | N/A | FortiVoice 6.0.x toutes versions | ||
| Fortinet | N/A | FortiWebManager 7.2.x versions antérieures à 7.2.1 | ||
| Fortinet | FortiWeb | FortiWeb 6.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.0 toutes versions pour les vulnérabilités CVE-2023-36640 et CVE-2023-45583 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.2.x versions antérieures à 7.2.8 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x versions antérieures à 4.2.7 | ||
| Fortinet | FortiPortal | FortiPortal 7.2.x versions antérieures à 7.2.2 | ||
| Fortinet | FortiNAC | FortiNAC 9.1.x toutes versions | ||
| Fortinet | FortiPortal | FortiPortal 6.0.x versions antérieures à 6.0.15 | ||
| Fortinet | N/A | FortiVoice 6.4.x versions antérieures à 6.4.9 | ||
| Fortinet | N/A | FortiAuthenticator 6.5.x versions antérieures à 6.5.4 | ||
| Fortinet | FortiADC | FortiADC 7.2.x versions antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS 7.4.x versions antérieures à 7.4.2 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager 7.2.x versions antérieures à 7.2.3 | ||
| Fortinet | FortiNAC | FortiNAC 7.2.x versions antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy 1.0.x toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiProxy 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-23665",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.7.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.8.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.0.x toutes versions",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator 6.6.x versions ant\u00e9rieures \u00e0 6.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR cyops Connector versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.4.x versions ant\u00e9rieures \u00e0 9.4.5",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.2.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.2.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator 6.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 7.0.x versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.3.x versions ant\u00e9rieures \u00e0 7.3.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.1.x versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR 7.2.x toutes versions",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.1.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.4.x versions ant\u00e9rieures \u00e0 4.4.5",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 7.0.x versions ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.2.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.3.x versions ant\u00e9rieures \u00e0 6.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 2.0.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x versions ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 6.2.x versions ant\u00e9rieures \u00e0 6.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 6.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.4.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2023-36640 et CVE-2023-45583",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x versions ant\u00e9rieures \u00e0 4.2.7",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 7.2.x versions ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 9.1.x toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal 6.0.x versions ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice 6.4.x versions ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator 6.5.x versions ant\u00e9rieures \u00e0 6.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.0.x toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26007"
},
{
"name": "CVE-2024-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
},
{
"name": "CVE-2023-40720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40720"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-48789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48789"
},
{
"name": "CVE-2024-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21760"
},
{
"name": "CVE-2023-44247",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44247"
},
{
"name": "CVE-2024-31493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31493"
},
{
"name": "CVE-2024-23664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23664"
},
{
"name": "CVE-2023-50180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50180"
},
{
"name": "CVE-2024-23670",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23670"
},
{
"name": "CVE-2024-3302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3302"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2023-45583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45583"
},
{
"name": "CVE-2024-31488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31488"
},
{
"name": "CVE-2023-46714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46714"
},
{
"name": "CVE-2024-23667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23667"
},
{
"name": "CVE-2024-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23107"
},
{
"name": "CVE-2024-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23105"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2023-45586",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45586"
},
{
"name": "CVE-2024-23668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23668"
},
{
"name": "CVE-2023-36640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36640"
},
{
"name": "CVE-2024-31491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31491"
},
{
"name": "CVE-2024-23665",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23665"
},
{
"name": "CVE-2024-30255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-23669",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23669"
}
],
"initial_release_date": "2024-05-15T00:00:00",
"last_revision_date": "2024-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-225 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-225"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-040 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-040"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-282 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-282"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-406 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-406"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-137 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-222 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-052 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-052"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-474 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-474"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-195 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-195"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-433 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-433"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-021 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-021"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-420 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-420"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-054 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-054"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-465 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-465"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-415 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-415"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-191 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-191"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-017 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-017"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-120 du 14 mai 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-120"
}
]
}
CERTFR-2023-AVI-1018
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiMail | FortiMail 6.0.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiTester 2.6.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.1.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.0.x antérieures à 3.0.4 | ||
| Fortinet | N/A | FortiTester 3.5.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiOS | FortiOS 6.4.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 7.0.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch 6.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 6.2.x toutes versions | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiRecorder | FortiRecorder 2.6.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.2.x toutes versions | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 6.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.1.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 6.0.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder 2.7.x toutes versions | ||
| Fortinet | FortiSandbox | FortiSandbox 3.1.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.5.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.0.x toutes versions | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiTester 3.9.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | FortiSandbox | FortiSandbox 3.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.2.x toutes versions | ||
| Fortinet | FortiOS | FortiOS 7.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.7.x toutes versions | ||
| Fortinet | FortiADC | FortiADC 7.1.x toutes versions | ||
| Fortinet | FortiMail | FortiMail 6.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiWeb | FortiWeb 6.3.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | N/A | FortiTester 2.7.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | N/A | FortiTester 2.3.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiTester 2.8.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.3.x toutes versions | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiNDR versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.1 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | FortiTester 7.2.x toutes versions | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiSwitch | FortiSwitch 6.0.x toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiTester 2.9.x toutes versions | ||
| Fortinet | N/A | FortiVoice versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiADC | FortiADC 6.1.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.13 | ||
| Fortinet | FortiPAM | FortiPAM 1.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 2.4.x toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | N/A | FortiTester 4.0.x toutes versions | ||
| Fortinet | N/A | FortiTester 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.1.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.5.x toutes versions | ||
| Fortinet | FortiWeb | FortiWeb 6.2.x toutes versions | ||
| Fortinet | N/A | FortiNDR 1.4.x toutes versions | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.0.x antérieures à 6.0.12 | ||
| Fortinet | FortiPAM | FortiPAM versions 1.1.x antérieures à 1.1.2 | ||
| Fortinet | N/A | FortiTester 3.8.x toutes versions | ||
| Fortinet | N/A | FortiTester 3.6.x toutes versions | ||
| Fortinet | FortiADC | FortiADC versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.4.x antérieures à 4.4.3 | ||
| Fortinet | N/A | FortiTester 3.3.x toutes versions | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiTester 3.0.x toutes versions | ||
| Fortinet | N/A | FortiWLM versions 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiSandbox | FortiSandbox 4.2.x toutes versions | ||
| Fortinet | N/A | FortiTester 7.0.x toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.0.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.4.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 7.0.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.2.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.2.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.6.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder 2.7.x toutes versions",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.1.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.0.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.0.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 3.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 7.0.x toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 7.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.2.x toutes versions",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.3.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.7.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch 6.0.x toutes versions",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.9.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.1.x toutes versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0.x toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 2.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 4.2.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.1.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.5.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb 6.2.x toutes versions",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR 1.4.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.8.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.6.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 3.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox 4.2.x toutes versions",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester 7.0.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-47536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
},
{
"name": "CVE-2023-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
},
{
"name": "CVE-2023-40716",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
},
{
"name": "CVE-2023-41678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
},
{
"name": "CVE-2023-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
},
{
"name": "CVE-2023-48782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
},
{
"name": "CVE-2023-41844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
},
{
"name": "CVE-2023-41673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
},
{
"name": "CVE-2022-27488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
},
{
"name": "CVE-2023-48791",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2023-45587",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
}
],
"initial_release_date": "2023-12-13T00:00:00",
"last_revision_date": "2023-12-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
}
]
}
CERTFR-2023-AVI-0973
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.7.x antériéures à 6.7.6 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.5.x antérieures à 6.5.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiWLM version 8.x antérieures à 8.5.5 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions 6.5.x antérieures à 6.5.1 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016 | ||
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.x antérieures 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.4.3 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.3 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions antérieures à 6.4.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiWAN | FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur) | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.6.x antériéures à 6.6.4 | ||
| Fortinet | N/A | FortiWLM version 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
},
{
"name": "CVE-2023-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
},
{
"name": "CVE-2023-25603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-33304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
},
{
"name": "CVE-2023-26205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-40719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
},
{
"name": "CVE-2023-29177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
},
{
"name": "CVE-2023-44248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
},
{
"name": "CVE-2023-41840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
},
{
"name": "CVE-2023-42783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
},
{
"name": "CVE-2022-40681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
},
{
"name": "CVE-2023-44252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
},
{
"name": "CVE-2023-36553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
},
{
"name": "CVE-2023-44251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
},
{
"name": "CVE-2023-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
},
{
"name": "CVE-2023-34991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"initial_release_date": "2023-11-22T00:00:00",
"last_revision_date": "2023-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
}
]
}
CERTFR-2023-AVI-0451
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.0.10 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 7.0.0 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiConverter versions 6.x antérieures à 6.2.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.12 | ||
| Fortinet | N/A | FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.2.x antérieures à 9.2.8 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.4.x antérieures à 9.4.3 | ||
| Fortinet | FortiOS | FortiOS versions 6.x à 7.0.x antérieures à 7.0.12 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.12 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiClientWindows versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiConverter versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.0.x antérieures à 6.0.17 | ||
| Fortinet | FortiNAC | FortiNAC-F versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.2.x antérieures à 6.2.15 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.4.x antérieures à 6.4.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 7.0.x antérieures à 7.0.12 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiADC | FortiADC versions 5.x à 7.1.x antérieures à 7.1.3 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiADC | FortiADC versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiADCManager versions antérieures à 7.1.1 | ||
| Fortinet | FortiPAM | FortiPAM versions antérieures à 1.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
},
{
"name": "CVE-2023-22633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
},
{
"name": "CVE-2022-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
},
{
"name": "CVE-2022-42474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
},
{
"name": "CVE-2022-42478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
},
{
"name": "CVE-2022-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
},
{
"name": "CVE-2023-27997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
},
{
"name": "CVE-2023-26210",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
},
{
"name": "CVE-2023-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
},
{
"name": "CVE-2023-26207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
},
{
"name": "CVE-2022-43949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
},
{
"name": "CVE-2023-29179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
},
{
"name": "CVE-2023-33305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
},
{
"name": "CVE-2023-29178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
},
{
"name": "CVE-2022-41327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
},
{
"name": "CVE-2023-26204",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
},
{
"name": "CVE-2023-22639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
},
{
"name": "CVE-2022-43953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
},
{
"name": "CVE-2023-28000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
},
{
"name": "CVE-2023-29175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
},
{
"name": "CVE-2023-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
}
],
"initial_release_date": "2023-06-13T00:00:00",
"last_revision_date": "2023-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0451",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
}
]
}
CERTFR-2023-AVI-0304
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiADC | FortiADC versions 5.x à 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.2.x antérieures à 4.2.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.x antérieures à 3.2.4 | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.2 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.x antérieures à 9.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.0.x antérieures à 4.0.3 | ||
| Fortinet | FortiNAC | FortiNAC-F versions antérieures à 7.2.0 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 6.3.22 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiWeb | FortiWeb versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions 6.2.x antérieures à 6.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 6.x antérieures à 6.4.13 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 7.0.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions 6.1.x antérieures à 6.1.5 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions 6.3.x antérieures à 6.3.4 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions 6.4.x antérieures à 6.4.1 | ||
| Fortinet | N/A | FortiPresence versions antérieures à 2.0.0 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 3.3.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.4.1 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.1.x à 6.3.x antérieures à 6.3.4 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.1.x antérieures à 4.1.1 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | N/A | FortiClientMac versions 6.x à 7.x antérieures à 7.0.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.0.x antérieures à 4.0.2 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.3.x antérieures à 7.3.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.8 à 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiDDoS | FortiDDoS versions 4.x à 5.x antérieures à 5.7.0 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.8 à 6.4.x antérieures à 6.4.11 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x à 7.x antérieures à 7.0.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 6.3.22",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions 6.1.x ant\u00e9rieures \u00e0 6.1.5",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions 6.3.x ant\u00e9rieures \u00e0 6.3.4",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPresence versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.1.x \u00e0 6.3.x ant\u00e9rieures \u00e0 6.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions 4.x \u00e0 5.x ant\u00e9rieures \u00e0 5.7.0",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35850"
},
{
"name": "CVE-2022-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40679"
},
{
"name": "CVE-2022-43946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43946"
},
{
"name": "CVE-2022-43952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43952"
},
{
"name": "CVE-2022-27487",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27487"
},
{
"name": "CVE-2023-27995",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27995"
},
{
"name": "CVE-2023-22641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
},
{
"name": "CVE-2022-40682",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40682"
},
{
"name": "CVE-2022-43947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2023-22642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22642"
},
{
"name": "CVE-2022-27485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27485"
},
{
"name": "CVE-2022-42469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
},
{
"name": "CVE-2022-42470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42470"
},
{
"name": "CVE-2022-43951",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43951"
},
{
"name": "CVE-2022-41331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41331"
},
{
"name": "CVE-2022-42477",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42477"
},
{
"name": "CVE-2022-41330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
},
{
"name": "CVE-2022-43948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43948"
},
{
"name": "CVE-2022-43955",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43955"
},
{
"name": "CVE-2023-22635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22635"
}
],
"initial_release_date": "2023-04-12T00:00:00",
"last_revision_date": "2023-04-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0304",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-428 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-428"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-479 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-479"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-502 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-502"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-363 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-363"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-429 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-429"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-186 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-186"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-432 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-432"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-051 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-051"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-056 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-056"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-409 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-409"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-355 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-355"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-060 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-060"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-481 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-481"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-335 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-335"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-050 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-050"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-439 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-439"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-444 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-444"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-320 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-320"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-381 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-381"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-336 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-336"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-275 du 11 avril 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-275"
}
]
}
CERTFR-2023-AVI-0146
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 5.x à 7.x antérieures à 7.0.5 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.2 | ||
| Fortinet | FortiNAC | FortiNAC-F versions antérieures à 7.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x à 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiADC | FortiADC versions 5.x à 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.1.x antérieures à 6.1.1 | ||
| Fortinet | N/A | FortiExtender versions 3.3.x antérieures à 3.3.3 | ||
| Fortinet | N/A | FortiExtender versions 5.3.x antérieures à 7.0.4 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.4.x antérieures à 9.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.2.x à 4.x antérieures à 4.2.0 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiExtender versions 3.x antérieures à 3.2.4 | ||
| Fortinet | N/A | FortiExtender versions 4.2.x antérieures à 4.2.5 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiWAN | FortiWAN versions 4.x antérieures à 4.5.10 | ||
| Fortinet | N/A | FortiExtender versions 4.1.x antérieures à 4.1.9 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 5.1 all versions | ||
| Fortinet | FortiADC | FortiADC 5.0 all versions | ||
| Fortinet | N/A | FortiExtender versions 4.0.x antérieures à 4.0.3 (version à venir) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x à 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiAuthenticator versions 5.x à 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 5.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x \u00e0 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 5.3.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.2.x \u00e0 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.x ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.2.x ant\u00e9rieures \u00e0 4.2.5 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN versions 4.x ant\u00e9rieures \u00e0 4.5.10",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.1.x ant\u00e9rieures \u00e0 4.1.9 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.1 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.0 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.0.x ant\u00e9rieures \u00e0 4.0.3 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 5.x \u00e0 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30304"
},
{
"name": "CVE-2021-42756",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42756"
},
{
"name": "CVE-2023-23780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23780"
},
{
"name": "CVE-2022-40678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40678"
},
{
"name": "CVE-2022-40677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40677"
},
{
"name": "CVE-2022-33869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33869"
},
{
"name": "CVE-2022-30303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30303"
},
{
"name": "CVE-2022-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26115"
},
{
"name": "CVE-2023-22638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22638"
},
{
"name": "CVE-2022-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42472"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-41335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41335"
},
{
"name": "CVE-2022-38378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38378"
},
{
"name": "CVE-2022-30306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30306"
},
{
"name": "CVE-2023-23782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23782"
},
{
"name": "CVE-2021-43074",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43074"
},
{
"name": "CVE-2023-23778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23778"
},
{
"name": "CVE-2023-25602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25602"
},
{
"name": "CVE-2022-22302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22302"
},
{
"name": "CVE-2022-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27489"
},
{
"name": "CVE-2022-43954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43954"
},
{
"name": "CVE-2022-30299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30299"
},
{
"name": "CVE-2022-30300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30300"
},
{
"name": "CVE-2022-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38375"
},
{
"name": "CVE-2022-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29054"
},
{
"name": "CVE-2022-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33871"
},
{
"name": "CVE-2022-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"
},
{
"name": "CVE-2023-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22636"
},
{
"name": "CVE-2022-40683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40683"
},
{
"name": "CVE-2023-23777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23777"
},
{
"name": "CVE-2023-23779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23779"
},
{
"name": "CVE-2023-23784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23784"
},
{
"name": "CVE-2022-38376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38376"
},
{
"name": "CVE-2021-42761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42761"
},
{
"name": "CVE-2022-39954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39954"
},
{
"name": "CVE-2022-40675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40675"
},
{
"name": "CVE-2023-23783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23783"
},
{
"name": "CVE-2022-27482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27482"
},
{
"name": "CVE-2023-23781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23781"
}
],
"initial_release_date": "2023-02-17T00:00:00",
"last_revision_date": "2023-02-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-273"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-157"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-133"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-187"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-111"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-430"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-460"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-362"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-346"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-151"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-214"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-118"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-131"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-234"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-186"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-014"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-224"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-048"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-257"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-136"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-142"
}
],
"reference": "CERTFR-2023-AVI-0146",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-166 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-460 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-046 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-280 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-273 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-251 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-312 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-014 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-362 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-300 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-214 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-391 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-164 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-430 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-146 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-131 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-157 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-265 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-234 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-118 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-348 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-187 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-220 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-260 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-167 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-151 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-346 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-111 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0002
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiADC | FortiADC versions 7.x antérieures à 7.0.2 | ||
| Fortinet | N/A | FortiTester versions 4.x antérieures à 4.2.1 | ||
| Fortinet | N/A | FortiTester versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | N/A | FortiTester versions 7.2.x antérieures à 7.2.0 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 6.2.4 | ||
| Fortinet | FortiPortal | FortiPortal versions antérieures à 6.0.12 | ||
| Fortinet | N/A | FortiTester versions antérieures à 3.9.2 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.0.3 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.2.9 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.4.8 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC versions 7.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 4.x ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions ant\u00e9rieures \u00e0 6.0.12",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions ant\u00e9rieures \u00e0 3.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45857"
},
{
"name": "CVE-2022-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35845"
},
{
"name": "CVE-2022-39947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39947"
},
{
"name": "CVE-2022-41336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41336"
}
],
"initial_release_date": "2023-01-04T00:00:00",
"last_revision_date": "2023-01-04T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-250"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-061"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-371"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-313"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-274"
}
],
"reference": "CERTFR-2023-AVI-0002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une injection de code\nindirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-250 du 03 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-371 du 03 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-274 du 03 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-313 du 03 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-061 du 03 janvier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-1081
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDeceptor | FortiDeceptor versions 3.x | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.x | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.x antérieures à 4.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 6.x antérieures à 6.4.10 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.x antérieures à 4.3.0 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.x antérieures à 2.0.11 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x | ||
| Fortinet | FortiADC | FortiADC versions 6.x antérieures à 6.2.5 | ||
| Fortinet | FortiADC | FortiADC versions 5.x | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.x antérieures à 7.0.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDeceptor versions 3.x",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.x",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.x ant\u00e9rieures \u00e0 4.3.0",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.11",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.x ant\u00e9rieures \u00e0 6.2.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35843"
},
{
"name": "CVE-2022-30305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30305"
},
{
"name": "CVE-2022-33876",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33876"
},
{
"name": "CVE-2022-40680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40680"
},
{
"name": "CVE-2022-38379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38379"
},
{
"name": "CVE-2022-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33875"
}
],
"initial_release_date": "2022-12-07T00:00:00",
"last_revision_date": "2022-12-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1081",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-248 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-248"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-252 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-252"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-253 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-253"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-255 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-255"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-170 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-170"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-220 du 06 d\u00e9cembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-220"
}
]
}
CERTFR-2022-AVI-973
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.0.x antérieures à 4.0.3 | ||
| Fortinet | N/A | FortiClientMac versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.10 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.1.x antérieures à 4.1.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiTester versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | FortiADC | FortiADC versions 7.1.x antérieures à 7.1.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiTester versions 7.2.x antérieures à 7.2.0 | ||
| Fortinet | FortiSOAR | FortiSOAR versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | N/A | FortiEDR CollectorWindows versions 5.0.x.x antérieures à 5.0.3.912 | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | FortiTester versions 4.2.x antérieures à 4.2.1 | ||
| Fortinet | N/A | AV engine versions 6.4.x antérieures à 6.4.275 | ||
| Fortinet | FortiADC | FortiADC versions 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.2.x antérieures à 4.2.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.5.x antérieures à 6.5.0 | ||
| Fortinet | N/A | AV engine versions 6.2.x antérieures à 6.2.169 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | N/A | FortiTester versions 3.9.x antérieures à 3.9.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiEDR CollectorWindows versions 5.2.x.x antérieures à 5.2.0.2288 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR CollectorWindows versions 5.0.x.x ant\u00e9rieures \u00e0 5.0.3.912",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "AV engine versions 6.4.x ant\u00e9rieures \u00e0 6.4.275",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.0",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "AV engine versions 6.2.x ant\u00e9rieures \u00e0 6.2.169",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiTester versions 3.9.x ant\u00e9rieures \u00e0 3.9.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR CollectorWindows versions 5.2.x.x ant\u00e9rieures \u00e0 5.2.0.2288",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26122"
},
{
"name": "CVE-2022-35842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35842"
},
{
"name": "CVE-2022-38374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38374"
},
{
"name": "CVE-2022-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38380"
},
{
"name": "CVE-2022-26119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26119"
},
{
"name": "CVE-2022-35851",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35851"
},
{
"name": "CVE-2022-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39945"
},
{
"name": "CVE-2022-38373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38373"
},
{
"name": "CVE-2022-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33870"
},
{
"name": "CVE-2022-33878",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33878"
},
{
"name": "CVE-2022-30307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30307"
},
{
"name": "CVE-2022-38381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38381"
},
{
"name": "CVE-2022-39950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39950"
},
{
"name": "CVE-2022-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39949"
},
{
"name": "CVE-2022-42473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42473"
}
],
"initial_release_date": "2022-11-02T00:00:00",
"last_revision_date": "2022-11-02T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-331 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-331"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-223 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-223"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-234 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-234"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-228 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-228"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-314 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-314"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-228 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-228"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-232 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-232"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-218 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-066 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-066"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-216 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-174 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-174"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-074 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-074"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-070 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-070"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-064 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-246 du 01 novembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-246"
}
]
}
CERTFR-2022-AVI-800
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiAP-W2 versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiManager | FortiManager versions 6.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiAP-W2 versions 6.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiAP-S versions 6.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiAP-W2 versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 7.0.2 | ||
| Fortinet | N/A | FortiAP versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | N/A | FortiAP versions 6.x antérieures à 6.4.8 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiAP-U versions antérieures à 6.2.4 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.6 | ||
| Fortinet | FortiSOAR | FortiSOAR versions antérieures à 7.2.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 6.2.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.9 | ||
| Fortinet | N/A | FortiAP versions 7.0.x antérieures à 7.0.4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-S versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-W2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP-U versions ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSOAR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAP versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-43080",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43080"
},
{
"name": "CVE-2022-29062",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29062"
},
{
"name": "CVE-2022-38377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38377"
},
{
"name": "CVE-2022-29058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29058"
},
{
"name": "CVE-2022-30298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30298"
},
{
"name": "CVE-2022-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29053"
},
{
"name": "CVE-2021-43076",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43076"
},
{
"name": "CVE-2022-29061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29061"
},
{
"name": "CVE-2022-27491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27491"
},
{
"name": "CVE-2022-26114",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26114"
},
{
"name": "CVE-2022-35847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35847"
}
],
"initial_release_date": "2022-09-07T00:00:00",
"last_revision_date": "2022-09-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-800",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-163 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-163"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-215 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-140 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-140"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-143 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-073 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-073"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-152 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-045 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-045"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-156 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-156"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-306 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-222 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-158 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-154 du 06 septembre 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-154"
}
]
}
CERTFR-2022-AVI-701
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiADC | FortiADC versions 7.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.8 | ||
| Fortinet | FortiGate | FortiGate versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | FortiGate | FortiGate versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 6.2.4 | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.11 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x antérieures à 6.0.15 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | FortiMail | FortiMail versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiGate | FortiGate versions 7.2.x antérieures à 7.2.0 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22299"
},
{
"name": "CVE-2022-27484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27484"
},
{
"name": "CVE-2022-23442",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23442"
}
],
"initial_release_date": "2022-08-03T00:00:00",
"last_revision_date": "2022-08-03T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-701",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-036 du 02 ao\u00fbt 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-036"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-055 du 02 ao\u00fbt 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-055"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-235 du 02 ao\u00fbt 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-235"
}
]
}
CERTFR-2022-AVI-613
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 6.x antérieures à 6.2.11 | ||
| Fortinet | FortiEDR Central Manager | FortiEDR Central Manager versions 5.1.x antérieures à 5.2.0 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiNAC | FortiNAC versions antérieures à 9.1.6 | ||
| Fortinet | FortiManager | FortiManager versions 6.x antérieures à 6.4.8 | ||
| Fortinet | FortiEDR Central Manager | FortiEDR Central Manager version 5.1.0 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 6.0.11 | ||
| Fortinet | FortiEDR Central Manager | FortiEDR Central Manager versions 5.0.x antérieures à 5.0.3 Patch 7 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions antérieures à 6.4.3 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 6.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | N/A | FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions antérieures à 3.3.3 | ||
| Fortinet | FortiSwitch | FortiSwitch versions antérieures à 6.4.10 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x antérieures à 6.4.7 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.9 | ||
| Fortinet | N/A | FortiVoiceEnterprise versions antérieures à 6.0.11 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.2.x antérieures à 9.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions antérieures à 2.0.9 | ||
| Fortinet | FortiDeceptor | FortiDeceptor versions 4.0.x antérieures à 4.0.2 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 7.0.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
"product": {
"name": "FortiEDR Central Manager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR Central Manager version 5.1.0",
"product": {
"name": "FortiEDR Central Manager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7",
"product": {
"name": "FortiEDR Central Manager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
"product": {
"name": "FortiDeceptor",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42755"
},
{
"name": "CVE-2021-44170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44170"
},
{
"name": "CVE-2021-43072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43072"
},
{
"name": "CVE-2022-26117",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26117"
},
{
"name": "CVE-2022-30302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30302"
},
{
"name": "CVE-2022-29057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29057"
},
{
"name": "CVE-2022-26118",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26118"
},
{
"name": "CVE-2022-27483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27483"
},
{
"name": "CVE-2021-41031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41031"
},
{
"name": "CVE-2022-26120",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26120"
},
{
"name": "CVE-2022-23438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23438"
}
],
"initial_release_date": "2022-07-06T00:00:00",
"last_revision_date": "2022-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-613",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-155"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-051"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-057"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-056"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-190"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-179"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-077"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-206"
}
]
}
CERTFR-2021-AVI-927
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | FortiGate versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiClient | FortiClient pour Linux, Mac et Windows versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiGate | FortiGate versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x antérieures à 1.2.12 | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.10 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.8.x antérieures à 8.8.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.4.x antérieures à 6.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiADC | FortiADC versions 6.1.x antérieures à 6.1.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.2.x antérieures à 6.2.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.x antérieures à 3.2.3 | ||
| Fortinet | FortiGate | FortiGate versions 6.2.x antérieures à 6.2.10 | ||
| Fortinet | FortiOS | FortiOS versions 5.6.x antérieures à 5.6.14 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x antérieures à 6.0.14 | ||
| Fortinet | FortiADC | FortiADC version 6.2.x antérieures à 6.2.1 | ||
| Fortinet | FortiClient | FortiClient pour Linux, Mac et Windows versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.x antérieures à 2.0.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.3.x antérieures à 6.3.16 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.x antérieures à 4.0.1 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | Meru AP versions antérieures à 8.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.x antérieures à 7.0.1 | ||
| Fortinet | N/A | FortiWLC versions antérieures à 8.6.2 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.2.x antérieures à 9.2.1 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.1.x antérieures à 9.1.4 | ||
| Fortinet | N/A | FortiAuthenticator versions antérieures à 6.4.1 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.2.x antérieures à 6.2.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClient pour Linux, Mac et Windows versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x ant\u00e9rieures \u00e0 1.2.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.8.x ant\u00e9rieures \u00e0 8.8.10",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.2.10",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 5.6.x ant\u00e9rieures \u00e0 5.6.14",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.14",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC version 6.2.x ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClient pour Linux, Mac et Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.16",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Meru AP versions ant\u00e9rieures \u00e0 8.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions ant\u00e9rieures \u00e0 8.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.1",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-43068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43068"
},
{
"name": "CVE-2021-44168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44168"
},
{
"name": "CVE-2021-36194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36194"
},
{
"name": "CVE-2021-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41028"
},
{
"name": "CVE-2021-36195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36195"
},
{
"name": "CVE-2021-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41014"
},
{
"name": "CVE-2021-41030",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41030"
},
{
"name": "CVE-2021-43067",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43067"
},
{
"name": "CVE-2021-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41017"
},
{
"name": "CVE-2021-43064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43064"
},
{
"name": "CVE-2021-41021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41021"
},
{
"name": "CVE-2021-42759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42759"
},
{
"name": "CVE-2021-43071",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43071"
},
{
"name": "CVE-2021-36173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36173"
},
{
"name": "CVE-2021-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41024"
},
{
"name": "CVE-2021-42752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42752"
},
{
"name": "CVE-2021-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41025"
},
{
"name": "CVE-2021-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41015"
},
{
"name": "CVE-2021-43065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43065"
},
{
"name": "CVE-2021-26110",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26110"
},
{
"name": "CVE-2021-41013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41013"
},
{
"name": "CVE-2021-26108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26108"
},
{
"name": "CVE-2021-43204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43204"
},
{
"name": "CVE-2021-42758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42758"
},
{
"name": "CVE-2021-41029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41029"
},
{
"name": "CVE-2021-42760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42760"
},
{
"name": "CVE-2021-41026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41026"
},
{
"name": "CVE-2021-41027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41027"
},
{
"name": "CVE-2021-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36189"
},
{
"name": "CVE-2021-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36180"
},
{
"name": "CVE-2021-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36191"
},
{
"name": "CVE-2021-42757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42757"
},
{
"name": "CVE-2021-32591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32591"
},
{
"name": "CVE-2021-36190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36190"
},
{
"name": "CVE-2021-26109",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26109"
},
{
"name": "CVE-2021-26103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26103"
},
{
"name": "CVE-2021-36167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36167"
},
{
"name": "CVE-2021-43063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43063"
},
{
"name": "CVE-2021-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36188"
}
],
"initial_release_date": "2021-12-08T00:00:00",
"last_revision_date": "2021-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-927",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-201 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-201"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-130 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-130"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-134 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-134"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-049 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-075 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-075"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-122 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-122"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-140 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-140"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-051 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-051"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-192 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-138 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-152 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-127 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-127"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-120 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-120"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-222 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-118 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-212 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-133 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-131 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-131"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-173 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-182 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-182"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-114 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-111 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-111"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-115 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-115"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-123 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-123"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-181 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-181"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-160 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-160"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-129 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-129"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-200 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-200"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-167 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-167"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-157 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-139 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-139"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-168 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-156 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-156"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-188 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-158 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-178 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-178"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-131 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-131"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-004 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-004"
}
]
}
CERTFR-2021-AVI-845
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiClientMac versions antérieures à 6.4.6, 7.0.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 5.4.4, 6.0.1 | ||
| Fortinet | FortiSIEM | FortiSIEM Windows Agent versions antérieures à 4.1.5 | ||
| Fortinet | N/A | FortiClientWindows versions antérieures à 6.4.3, 7.0.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 6.0.7, 6.4.5 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.3.0 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions antérieures à 6.4.2, 7.0.0 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions antérieures à 6.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions antérieures à 5.2.7, 5.3.7, 6.0.6, 7.0.0 | ||
| Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.0 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.4.7, 7.0.2 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 6.4.6, 7.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 5.4.4, 6.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 6.4.3, 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 6.0.7, 6.4.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.4.2, 7.0.0",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.2.0",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions ant\u00e9rieures \u00e0 5.2.7, 5.3.7, 6.0.6, 7.0.0",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.7, 7.0.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12814"
},
{
"name": "CVE-2021-26107",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26107"
},
{
"name": "CVE-2021-36176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36176"
},
{
"name": "CVE-2020-15940",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15940"
},
{
"name": "CVE-2021-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42754"
},
{
"name": "CVE-2020-15935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15935"
},
{
"name": "CVE-2021-36174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36174"
},
{
"name": "CVE-2021-36192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36192"
},
{
"name": "CVE-2021-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36183"
},
{
"name": "CVE-2021-36172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36172"
},
{
"name": "CVE-2021-41019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41019"
},
{
"name": "CVE-2021-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36181"
},
{
"name": "CVE-2021-32595",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32595"
}
],
"initial_release_date": "2021-11-04T00:00:00",
"last_revision_date": "2021-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-845",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-092 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-092"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-043 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-043"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-079 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-079"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-096 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-096"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-104 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-104"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-044 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-044"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-103 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-102 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-100 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-100"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-109 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-074 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-074"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-067 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-067"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-079 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-079"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-175 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-175"
}
]
}
CERTFR-2021-AVI-419
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.2 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.2.x antérieures à 6.2.7 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiGate | FortiGate versions 5.6.x antérieures à 6.0.13 | ||
| Fortinet | FortiSwitch | FortiSwitch toutes versions antérieures à 6.0.x et 3.6.x | ||
| Fortinet | FortiGate | FortiGate versions 6.4.0 à 6.4.4 antérieures à 6.4.5 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.3.x antérieures à 6.3.8 | ||
| Fortinet | N/A | FortiAuthenticator versions antérieures à 6.3.0 | ||
| Fortinet | FortiWeb | FortiWeb toutes versions antérieures à 6.1.x, 6.0.x, 5.9.x | ||
| Fortinet | FortiADC | FortiADC versions 6.0.x antérieures à 6.0.2 | ||
| Fortinet | FortiGate | FortiGate versions 6.4.5 antérieures à 7.0.0 | ||
| Fortinet | N/A | FortiWLC versions 8.5.x antérieures à 8.5.4 | ||
| Fortinet | FortiADC | FortiADC versions 6.1.x antérieures à 6.1.1 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 6.0.3 | ||
| Fortinet | FortiGate | FortiGate versions 5.6.x, 6.0.x et 6.2.x antérieures à 7.0.0 | ||
| Fortinet | FortiADC | FortiADC versions 5.4.x antérieures à 5.4.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.2.9, 1.1.x, 1.0.x antérieures à 1.2.10 | ||
| Fortinet | FortiGate | FortiGate versions 6.2.x antérieures à 6.4.6 | ||
| Fortinet | FortiGate | FortiGate versions 6.0.x antérieures à 6.2.8 | ||
| Fortinet | N/A | FortiWLC versions 8.6.x antérieures à 8.6.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.2.x ant\u00e9rieures \u00e0 6.2.7",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 5.6.x ant\u00e9rieures \u00e0 6.0.13",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch toutes versions ant\u00e9rieures \u00e0 6.0.x et 3.6.x",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.4.0 \u00e0 6.4.4 ant\u00e9rieures \u00e0 6.4.5",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.8",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb toutes versions ant\u00e9rieures \u00e0 6.1.x, 6.0.x, 5.9.x",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.0.x ant\u00e9rieures \u00e0 6.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.4.5 ant\u00e9rieures \u00e0 7.0.0",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions 8.5.x ant\u00e9rieures \u00e0 8.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 6.0.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 5.6.x, 6.0.x et 6.2.x ant\u00e9rieures \u00e0 7.0.0",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.2.9, 1.1.x, 1.0.x ant\u00e9rieures \u00e0 1.2.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.0.x ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26094",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26094"
},
{
"name": "CVE-2021-26092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26092"
},
{
"name": "CVE-2021-26087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26087"
},
{
"name": "CVE-2021-26111",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26111"
},
{
"name": "CVE-2021-24012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24012"
},
{
"name": "CVE-2021-26093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26093"
},
{
"name": "CVE-2018-13382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13382"
},
{
"name": "CVE-2018-13374",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13374"
},
{
"name": "CVE-2021-22123",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22123"
},
{
"name": "CVE-2021-22130",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22130"
}
],
"initial_release_date": "2021-06-02T00:00:00",
"last_revision_date": "2021-06-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-071 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-071"
}
],
"reference": "CERTFR-2021-AVI-419",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-002 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-002"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-049 du 30 mai 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-231 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-231"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-006 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-006"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-157 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-18-157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-001 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-001"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-233 du 30 mai 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-233"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-147 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-147"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-018 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-018"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-137 du 28 mai 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-120 du 28 mai 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-120"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-199 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-199"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-026 du 01 juin 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-026"
}
]
}
CERTFR-2021-AVI-244
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiProxy | Fortiproxy versions 2.0.x antérieures à 2.0.2 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 5.4.0 | ||
| Fortinet | N/A | FortiADCManager versions antérieures à 5.4.0 | ||
| Fortinet | FortiProxy | Fortiproxy versions antérieures à 1.2.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.3.x antérieures à 6.3.5 | ||
| Fortinet | FortiWeb | FortiWeb versions antérieures à 6.2.4 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fortiproxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADCManager versions ant\u00e9rieures \u00e0 5.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Fortiproxy versions ant\u00e9rieures \u00e0 1.2.10",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15942"
},
{
"name": "CVE-2019-17656",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17656"
},
{
"name": "CVE-2021-24024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24024"
}
],
"initial_release_date": "2021-04-07T00:00:00",
"last_revision_date": "2021-04-07T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-244",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-244 du 01 mars 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-19-244"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-076 du 04 avril 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-076"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-007 du 05 avril 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-007"
}
]
}
CERTFR-2020-AVI-706
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiADC | FortiADC 5.4.x versions antérieures à 5.4.4 | ||
| Fortinet | FortiMail | FortiMail 6.0.x versions antérieures à 6.0.10 | ||
| Fortinet | FortiMail | FortiMail 6.4.x versions antérieures à 6.4.2 | ||
| Fortinet | FortiMail | FortiMail 6.2.x versions antérieures à 6.2.5 | ||
| Fortinet | FortiADC | FortiADC 6.0.x versions antérieures à 6.0.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiADC 5.4.x versions ant\u00e9rieures \u00e0 5.4.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.0.x versions ant\u00e9rieures \u00e0 6.0.10",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.4.x versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail 6.2.x versions ant\u00e9rieures \u00e0 6.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 6.0.x versions ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15935"
},
{
"name": "CVE-2020-15933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15933"
}
],
"initial_release_date": "2020-11-03T00:00:00",
"last_revision_date": "2020-11-03T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-706",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-105 du 3 novembre 2020",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-105"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-044 du 3 novembre 2020",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-044"
}
]
}