Refine your search
9 vulnerabilities found for FortiClientEMS by Fortinet
CERTFR-2025-AVI-0399
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClientMac versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.7 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiMail | FortiMail versions 7.6.x antérieures à 7.6.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.0.x antérieures à 7.0.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNDR | FortiNDR versions antérieures à 7.0.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.6.x antérieures à 7.6.1 | ||
| Fortinet | FortiVoice | FortiVoice versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiClient | FortiClientMac versions 7.x antérieures à 7.2.9 | ||
| Fortinet | FortiRecorder | FortiRecorder versions 6.4.x antérieures à 6.4.6 | ||
| Fortinet | FortiClient | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiCamera | FortiCamera versions antérieures à 2.1.4 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiSwitch | FortiSwitchManager versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.15 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiVoice | FortiVoiceUCDesktop versions antérieures à 7.0 | ||
| Fortinet | FortiVoice | FortiVoice versions 6.4.x antérieures à 6.4.11 | ||
| Fortinet | FortiNDR | FortiNDR versions 7.4.x antérieures à 7.4.8 | ||
| Fortinet | FortiMail | FortiMail versions 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
"product": {
"name": "FortiRecorder",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
"product": {
"name": "FortiCamera",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiVoice",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
"product": {
"name": "FortiNDR",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
},
{
"name": "CVE-2025-47294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
},
{
"name": "CVE-2025-24473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
},
{
"name": "CVE-2024-54020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
},
{
"name": "CVE-2025-46777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
},
{
"name": "CVE-2024-35281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
},
{
"name": "CVE-2025-32756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
},
{
"name": "CVE-2025-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
},
{
"name": "CVE-2025-47295",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
},
{
"name": "CVE-2025-22859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
}
],
"initial_release_date": "2025-05-13T00:00:00",
"last_revision_date": "2025-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
"url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
}
]
}
CERTFR-2024-AVI-0212
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Contournement provisoire
S’il n’est pas possible de procéder à l’installation d’une version corrigeant la vulnérabilité, se référer aux mesures de contournement proposées par l’éditeur à la section Workaround.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS | FortiClientEMS 6.2 toutes versions | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.14 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.14 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.15 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiClientEMS | FortiClientEMS 6.0 toutes versions | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiClientEMS | FortiClientEMS 6.4 toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.7 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiPortal | FortiPortal versions antérieures à 7.0.0 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.0 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x. antérieures à 7.0.11 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.14 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.15 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientEMS 6.2 toutes versions",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.15",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS 6.0 toutes versions",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS 6.4 toutes versions",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions ant\u00e9rieures \u00e0 7.0.0",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.0",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x. ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nS\u2019il n\u2019est pas possible de proc\u00e9der \u00e0 l\u2019installation d\u2019une version\ncorrigeant la vuln\u00e9rabilit\u00e9, se r\u00e9f\u00e9rer aux mesures de contournement\npropos\u00e9es par l\u2019\u00e9diteur \u00e0 la section *Workaround*.\n",
"cves": [
{
"name": "CVE-2024-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21761"
},
{
"name": "CVE-2023-42790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42790"
},
{
"name": "CVE-2023-41842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41842"
},
{
"name": "CVE-2023-48788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48788"
},
{
"name": "CVE-2024-23112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23112"
},
{
"name": "CVE-2023-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46717"
},
{
"name": "CVE-2023-42789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42789"
},
{
"name": "CVE-2023-47534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47534"
},
{
"name": "CVE-2023-36554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36554"
}
],
"initial_release_date": "2024-03-13T00:00:00",
"last_revision_date": "2024-03-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0212",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-007 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-007"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-304 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-304"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-016 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-016"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-328 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-328"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-424 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-424"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-390 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-390"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-103 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-013 du 12 mars 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-013"
}
]
}
CERTFR-2024-AVI-0108
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiNAC | FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.1 toutes versions | ||
| Fortinet | FortiNAC | FortiNAC versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.14 (Cette version reste affectée par la vulnérabilité CVE-2023-47537) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | FortiPAM | FortiPAM 1.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.2 toutes versions | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.16 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.7 | ||
| Fortinet | FortiPAM | FortiPAM 1.2 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy 1.0 toutes versions | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x antérieures à 7.0.11 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.2.x antérieures à 7.2.3 | ||
| Fortinet | FortiOS | FortiOS 6.0 toutes versions | ||
| Fortinet | FortiWeb | FortiWeb versions 7.4.x antérieures à 7.4.3 | ||
| Fortinet | FortiClientEMS | FortiClientEMS 6.2 et 6.4 toutes versions | ||
| Fortinet | FortiNAC | FortiNAC versions 9.4.x antérieures à 9.4.4 | ||
| Fortinet | FortiProxy | FortiProxy 7.0 toutes versions | ||
| Fortinet | FortiPAM | FortiPAM 1.1 toutes versions | ||
| Fortinet | FortiManager | FortiManager 6.2, 6.4 et 7.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x antérieures à 2.0.14 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.1 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14 (Cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-47537)",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.0 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.2 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.2 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 1.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS 6.0 toutes versions",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS 6.2 et 6.4 toutes versions",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy 7.0 toutes versions",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPAM 1.1 toutes versions",
"product": {
"name": "FortiPAM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-45581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45581"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2023-26206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26206"
},
{
"name": "CVE-2023-44253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44253"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
}
],
"initial_release_date": "2024-02-09T00:00:00",
"last_revision_date": "2024-04-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0108",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-09T00:00:00.000000"
},
{
"description": "Ajout des syst\u00e8mes affect\u00e9s",
"revision_date": "2024-02-15T00:00:00.000000"
},
{
"description": "Ajout des syst\u00e8mes affect\u00e9s",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-268 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-268"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-301 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-301"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-063 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-063"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-357 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-357"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-397 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-397"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-029 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-029"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-015 du 08 f\u00e9vrier 2024",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-015"
}
]
}
CERTFR-2021-AVI-927
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | FortiGate versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiClient | FortiClient pour Linux, Mac et Windows versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiGate | FortiGate versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x antérieures à 1.2.12 | ||
| Fortinet | FortiOS | FortiOS versions 6.2.x antérieures à 6.2.10 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.8.x antérieures à 8.8.10 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.4.x antérieures à 6.4.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiADC | FortiADC versions 6.1.x antérieures à 6.1.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.2.x antérieures à 6.2.6 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.x antérieures à 3.2.3 | ||
| Fortinet | FortiGate | FortiGate versions 6.2.x antérieures à 6.2.10 | ||
| Fortinet | FortiOS | FortiOS versions 5.6.x antérieures à 5.6.14 | ||
| Fortinet | FortiOS | FortiOS versions 6.4.x antérieures à 6.4.8 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x antérieures à 6.0.14 | ||
| Fortinet | FortiADC | FortiADC version 6.2.x antérieures à 6.2.1 | ||
| Fortinet | FortiClient | FortiClient pour Linux, Mac et Windows versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.x antérieures à 2.0.4 | ||
| Fortinet | FortiWeb | FortiWeb versions 6.3.x antérieures à 6.3.16 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.x antérieures à 4.0.1 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 6.4.x antérieures à 6.4.7 | ||
| Fortinet | N/A | Meru AP versions antérieures à 8.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.x antérieures à 7.0.1 | ||
| Fortinet | N/A | FortiWLC versions antérieures à 8.6.2 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.2.x antérieures à 9.2.1 | ||
| Fortinet | FortiNAC | FortiNAC versions 9.1.x antérieures à 9.1.4 | ||
| Fortinet | N/A | FortiAuthenticator versions antérieures à 6.4.1 | ||
| Fortinet | FortiOS | FortiOS-6K7K versions 6.2.x antérieures à 6.2.8 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClient pour Linux, Mac et Windows versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x ant\u00e9rieures \u00e0 1.2.12",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.10",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.8.x ant\u00e9rieures \u00e0 8.8.10",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.6",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.2.10",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 5.6.x ant\u00e9rieures \u00e0 5.6.14",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.14",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC version 6.2.x ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClient pour Linux, Mac et Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.4",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.16",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Meru AP versions ant\u00e9rieures \u00e0 8.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions ant\u00e9rieures \u00e0 8.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.1",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.4",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-43068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43068"
},
{
"name": "CVE-2021-44168",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44168"
},
{
"name": "CVE-2021-36194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36194"
},
{
"name": "CVE-2021-41028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41028"
},
{
"name": "CVE-2021-36195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36195"
},
{
"name": "CVE-2021-41014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41014"
},
{
"name": "CVE-2021-41030",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41030"
},
{
"name": "CVE-2021-43067",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43067"
},
{
"name": "CVE-2021-41017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41017"
},
{
"name": "CVE-2021-43064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43064"
},
{
"name": "CVE-2021-41021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41021"
},
{
"name": "CVE-2021-42759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42759"
},
{
"name": "CVE-2021-43071",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43071"
},
{
"name": "CVE-2021-36173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36173"
},
{
"name": "CVE-2021-41024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41024"
},
{
"name": "CVE-2021-42752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42752"
},
{
"name": "CVE-2021-41025",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41025"
},
{
"name": "CVE-2021-41015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41015"
},
{
"name": "CVE-2021-43065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43065"
},
{
"name": "CVE-2021-26110",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26110"
},
{
"name": "CVE-2021-41013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41013"
},
{
"name": "CVE-2021-26108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26108"
},
{
"name": "CVE-2021-43204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43204"
},
{
"name": "CVE-2021-42758",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42758"
},
{
"name": "CVE-2021-41029",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41029"
},
{
"name": "CVE-2021-42760",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42760"
},
{
"name": "CVE-2021-41026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41026"
},
{
"name": "CVE-2021-41027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41027"
},
{
"name": "CVE-2021-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36189"
},
{
"name": "CVE-2021-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36180"
},
{
"name": "CVE-2021-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36191"
},
{
"name": "CVE-2021-42757",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42757"
},
{
"name": "CVE-2021-32591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32591"
},
{
"name": "CVE-2021-36190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36190"
},
{
"name": "CVE-2021-26109",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26109"
},
{
"name": "CVE-2021-26103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26103"
},
{
"name": "CVE-2021-36167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36167"
},
{
"name": "CVE-2021-43063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43063"
},
{
"name": "CVE-2021-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36188"
}
],
"initial_release_date": "2021-12-08T00:00:00",
"last_revision_date": "2021-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-927",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-201 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-201"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-130 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-130"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-134 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-134"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-049 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-049"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-075 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-075"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-122 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-122"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-140 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-140"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-051 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-051"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-192 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-192"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-138 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-152 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-152"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-127 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-127"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-120 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-120"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-222 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-222"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-118 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-118"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-212 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-133 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-131 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-131"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-173 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-173"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-182 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-182"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-114 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-111 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-111"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-115 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-115"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-123 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-123"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-181 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-181"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-160 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-160"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-129 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-129"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-200 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-200"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-167 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-167"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-157 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-139 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-139"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-168 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-168"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-156 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-156"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-188 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-188"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-158 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-178 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-178"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-131 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-131"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-004 du 8 d\u00e9cembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-004"
}
]
}
CERTFR-2021-AVI-845
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | N/A | FortiClientMac versions antérieures à 6.4.6, 7.0.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 5.4.4, 6.0.1 | ||
| Fortinet | FortiSIEM | FortiSIEM Windows Agent versions antérieures à 4.1.5 | ||
| Fortinet | N/A | FortiClientWindows versions antérieures à 6.4.3, 7.0.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 6.0.7, 6.4.5 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.3.0 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions antérieures à 6.4.2, 7.0.0 | ||
| Fortinet | FortiDDoS | FortiDDoS-F versions antérieures à 6.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions antérieures à 5.2.7, 5.3.7, 6.0.6, 7.0.0 | ||
| Fortinet | FortiDDoS | FortiDDoS versions antérieures à 5.5.0 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.4.7, 7.0.2 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.7 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientMac versions ant\u00e9rieures \u00e0 6.4.6, 7.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 5.4.4, 6.0.1",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions ant\u00e9rieures \u00e0 6.4.3, 7.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 6.0.7, 6.4.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.4.2, 7.0.0",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.2.0",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions ant\u00e9rieures \u00e0 5.2.7, 5.3.7, 6.0.6, 7.0.0",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.7, 7.0.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12814"
},
{
"name": "CVE-2021-26107",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26107"
},
{
"name": "CVE-2021-36176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36176"
},
{
"name": "CVE-2020-15940",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15940"
},
{
"name": "CVE-2021-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42754"
},
{
"name": "CVE-2020-15935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15935"
},
{
"name": "CVE-2021-36174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36174"
},
{
"name": "CVE-2021-36192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36192"
},
{
"name": "CVE-2021-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36183"
},
{
"name": "CVE-2021-36172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36172"
},
{
"name": "CVE-2021-41019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41019"
},
{
"name": "CVE-2021-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36181"
},
{
"name": "CVE-2021-32595",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32595"
}
],
"initial_release_date": "2021-11-04T00:00:00",
"last_revision_date": "2021-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-845",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-092 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-092"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-043 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-043"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-079 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-079"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-096 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-096"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-104 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-104"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-044 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-044"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-103 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-103"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-102 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-100 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-100"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-109 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-109"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-074 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-074"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-067 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-067"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-079 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-079"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-175 du 02 novembre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-175"
}
]
}
CERTFR-2021-AVI-758
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.2.x antérieures à 6.2.8 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions 6.4.x antérieures à 6.4.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | N/A | FortiSDNConnector versions antérieures à 1.1.8 | ||
| Fortinet | FortiClientEMS | FortiClientEMS versions antérieures à 6.2.9 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 6.4.7 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 4.0.x antérieures à 4.0.1 | ||
| Fortinet | N/A | FortiWebManager versions antérieures à 6.2.4 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiSandbox | FortiSandbox versions antérieures à 3.2.3 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.4.x antérieures à 6.4.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSDNConnector versions ant\u00e9rieures \u00e0 1.1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.2.9",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 4.0.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWebManager versions ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-15941",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15941"
},
{
"name": "CVE-2021-36175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36175"
},
{
"name": "CVE-2021-26105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26105"
},
{
"name": "CVE-2021-24019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24019"
},
{
"name": "CVE-2021-36170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36170"
},
{
"name": "CVE-2021-24021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24021"
},
{
"name": "CVE-2021-36178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36178"
}
],
"initial_release_date": "2021-10-06T00:00:00",
"last_revision_date": "2021-10-06T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-758",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-027 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-027"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-112 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-112"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-074 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-074"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-234 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-234"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-072 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-072"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-098 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-098"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-183 du 05 octobre 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-183"
}
]
}
CERTFR-2019-AVI-459
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Fortinet FortiClientEMS. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS | FortiClientEMS versions antérieures à 6.2.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "FortiClientEMS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-16149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16149"
}
],
"initial_release_date": "2019-09-24T00:00:00",
"last_revision_date": "2019-09-24T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-459",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiClientEMS. Elle\npermet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiClientEMS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-072 du 23 septembre 2019",
"url": "https://fortiguard.com/psirt/FG-IR-19-072"
}
]
}
CVE-2023-48788 (GCVE-0-2023-48788)
Vulnerability from nvd
Published
2024-03-12 15:09
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Execute unauthorized code or commands
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS |
Version: 7.2.0 ≤ 7.2.2 Version: 7.0.1 ≤ 7.0.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient_enterprise_management_server",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient_enterprise_management_server",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48788",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:14.476146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-25T00:00:00+00:00",
"value": "CVE-2023-48788 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:55.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-007",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T08:04:03.038Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-007",
"url": "https://fortiguard.com/psirt/FG-IR-24-007"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientEMS version 7.2.3 or above \nPlease upgrade to FortiClientEMS version 7.0.11 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-48788",
"datePublished": "2024-03-12T15:09:18.527Z",
"dateReserved": "2023-11-19T19:58:38.554Z",
"dateUpdated": "2025-10-21T23:05:23.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48788 (GCVE-0-2023-48788)
Vulnerability from cvelistv5
Published
2024-03-12 15:09
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Execute unauthorized code or commands
Summary
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiClientEMS |
Version: 7.2.0 ≤ 7.2.2 Version: 7.0.1 ≤ 7.0.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient_enterprise_management_server",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "forticlient_enterprise_management_server",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48788",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:14.476146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-03-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:23.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48788"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-25T00:00:00+00:00",
"value": "CVE-2023-48788 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:55.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-007",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-24-007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiClientEMS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T08:04:03.038Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-24-007",
"url": "https://fortiguard.com/psirt/FG-IR-24-007"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiClientEMS version 7.2.3 or above \nPlease upgrade to FortiClientEMS version 7.0.11 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-48788",
"datePublished": "2024-03-12T15:09:18.527Z",
"dateReserved": "2023-11-19T19:58:38.554Z",
"dateUpdated": "2025-10-21T23:05:23.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}