14 vulnerabilities found for FortiGate by Fortinet
CERTFR-2023-AVI-0973
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.4.x prior to 7.4.2
Fortinet | N/A | FortiClientWindows versions 7.2.x prior to 7.2.2
Fortinet | N/A | FortiClientWindows versions 7.0.x prior to 7.0.10
Fortinet | FortiOS | FortiOS versions prior to 7.0.13
Fortinet | FortiProxy | FortiProxy versions 2.0.x
Fortinet | FortiSIEM | FortiSIEM versions 6.7.x prior to 6.7.6
Fortinet | FortiMail | FortiMail versions 7.4.x prior to 7.4.1
Fortinet | N/A | FortiClientWindows versions 6.x prior to 6.4.9
Fortinet | FortiSIEM | FortiSIEM versions 6.5.x prior to 6.5.2
Fortinet | FortiMail | FortiMail versions prior to 7.0.7
Fortinet | N/A | FortiWLM versions 8.x prior to 8.5.5
Fortinet | FortiDDoS | FortiDDOS-F versions 6.5.x prior to 6.5.1
Fortinet | N/A | FortiEDRCollectorWindows versions 5.0.x prior to 5.0.3.1016
Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.x prior to 7.2.7
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x prior to 7.4.1
Fortinet | FortiSIEM | FortiSIEM versions prior to 6.4.3
Fortinet | FortiManager | FortiManager versions prior to 7.2.4
Fortinet | FortiSIEM | FortiSIEM versions 7.0.x prior to 7.0.1
Fortinet | FortiOS | FortiOS versions 7.2.x prior to 7.2.6
Fortinet | N/A | FortiEDRCollectorWindows versions 5.2.x prior to 5.2.0.4581
Fortinet | FortiOS | FortiOS versions 7.4.x prior to 7.4.1
Fortinet | FortiADC | FortiADC versions prior to 7.1.3
Fortinet | FortiDDoS | FortiDDOS-F versions prior to 6.4.2
Fortinet | FortiManager | FortiManager versions 7.4.x prior to 7.4.1
Fortinet | FortiMail | FortiMail versions 7.2.x prior to 7.2.5
Fortinet | FortiWAN | FortiWAN all versions (this product is no longer maintained by the vendor)
Fortinet | FortiProxy | FortiProxy versions 7.2.x
Fortinet | FortiSIEM | FortiSIEM versions 6.6.x prior to 6.6.4
Fortinet | N/A | FortiWLM versions 8.6.x prior to 8.6.6
Fortinet | FortiAnalyzer | FortiAnalyzer versions prior to 7.2.4
Fortinet | FortiProxy | FortiProxy versions 7.0.x
CERTFR-2023-AVI-0146
Vulnerability from certfr_avis
Multiple vulnerabilities have been fixed in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiWeb | FortiWeb versions 5.x to 7.x prior to 7.0.5
Fortinet | FortiGate | FortiGate versions prior to 6.4.2
Fortinet | FortiNAC | FortiNAC-F versions prior to 7.2.0
Fortinet | FortiPortal | FortiPortal versions 7.0.x prior to 7.0.3
Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x prior to 7.2.1
Fortinet | FortiOS | FortiOS versions 6.0.x to 7.0.x prior to 7.0.9
Fortinet | FortiADC | FortiADC versions 5.x to 6.2.x prior to 6.2.4
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x prior to 7.0.5
Fortinet | N/A | FortiAuthenticator versions 6.1.x prior to 6.1.1
Fortinet | N/A | FortiExtender versions 3.3.x prior to 3.3.3
Fortinet | N/A | FortiExtender versions 5.3.x prior to 7.0.4
Fortinet | FortiNAC | FortiNAC versions 8.x to 9.4.x prior to 9.4.2
Fortinet | FortiSandbox | FortiSandbox versions 3.2.x to 4.x prior to 4.2.0
Fortinet | FortiADC | FortiADC versions 7.0.x prior to 7.0.2
Fortinet | FortiProxy | FortiProxy versions 7.2.x prior to 7.2.2
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x prior to 7.2.2
Fortinet | N/A | FortiExtender versions 3.x prior to 3.2.4
Fortinet | N/A | FortiExtender versions 4.2.x prior to 4.2.5 (upcoming release)
Fortinet | FortiSwitch | FortiSwitch versions 7.0.x prior to 7.0.4
Fortinet | FortiWAN | FortiWAN versions 4.x prior to 4.5.10
Fortinet | N/A | FortiExtender versions 4.1.x prior to 4.1.9 (upcoming release)
Fortinet | FortiSwitch | FortiSwitch versions 6.x prior to 6.4.11
Fortinet | FortiADC | FortiADC 5.1 all versions
Fortinet | FortiADC | FortiADC 5.0 all versions
Fortinet | N/A | FortiExtender versions 4.0.x prior to 4.0.3 (upcoming release)
Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x prior to 6.4.9
Fortinet | FortiProxy | FortiProxy versions 1.x to 7.0.x prior to 7.0.8
Fortinet | FortiOS | FortiOS versions 7.2.x prior to 7.2.4
Fortinet | N/A | FortiAuthenticator versions 5.x to 6.0.x prior to 6.0.5
Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x prior to 7.0.1
s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023", "url": null }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023", "url": null } ] }
CERTFR-2022-AVI-701
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause arbitrary code execution, a security policy bypass and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiMail | FortiMail versions 7.0.x prior to 7.0.3
Fortinet | FortiADC | FortiADC versions 7.x prior to 7.0.1
Fortinet | FortiOS | FortiOS versions 7.0.x prior to 7.0.4
Fortinet | FortiProxy | FortiProxy versions 7.0.x prior to 7.0.2
Fortinet | FortiProxy | FortiProxy versions 2.0.x prior to 2.0.8
Fortinet | FortiGate | FortiGate versions 6.4.x prior to 6.4.9
Fortinet | FortiGate | FortiGate versions 7.0.x prior to 7.0.6
Fortinet | FortiADC | FortiADC versions prior to 6.2.4
Fortinet | FortiOS | FortiOS versions 6.2.x prior to 6.2.11
Fortinet | FortiOS | FortiOS versions 6.0.x prior to 6.0.15
Fortinet | FortiOS | FortiOS versions 6.4.x prior to 6.4.9
Fortinet | FortiMail | FortiMail versions 6.4.x prior to 6.4.6
Fortinet | FortiGate | FortiGate versions 7.2.x prior to 7.2.0
Fortinet | FortiMail | FortiMail versions 7.2.x prior to 7.2.0
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.3", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 7.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.4", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.8", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.9", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.6", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.4", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.6", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": 
false } } }, { "description": "FortiGate versions 7.2.x ant\u00e9rieures \u00e0 7.2.0", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.0", "product": { "name": "FortiMail", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-22299", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22299" }, { "name": "CVE-2022-27484", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27484" }, { "name": "CVE-2022-23442", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23442" } ], "initial_release_date": "2022-08-03T00:00:00", "last_revision_date": "2022-08-03T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-701", "revisions": [ { "description": "Version initiale", "revision_date": "2022-08-03T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. 
Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-036 du 02 ao\u00fbt 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-036" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-055 du 02 ao\u00fbt 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-055" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-235 du 02 ao\u00fbt 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-235" } ] }
CERTFR-2022-AVI-613
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiOS | FortiOS versions 6.x prior to 6.2.11
Fortinet | FortiEDR Central Manager | FortiEDR Central Manager versions 5.1.x prior to 5.2.0
Fortinet | FortiManager | FortiManager versions 7.0.x prior to 7.0.4
Fortinet | FortiSwitch | FortiSwitch versions 7.0.x prior to 7.0.3
Fortinet | FortiNAC | FortiNAC versions prior to 9.1.6
Fortinet | FortiManager | FortiManager versions 6.x prior to 6.4.8
Fortinet | FortiEDR Central Manager | FortiEDR Central Manager version 5.1.0
Fortinet | N/A | FortiClientWindows versions 7.0.x prior to 7.0.3
Fortinet | FortiRecorder | FortiRecorder versions prior to 6.0.11
Fortinet | FortiEDR Central Manager | FortiEDR Central Manager versions 5.0.x prior to 5.0.3 Patch 7
Fortinet | FortiProxy | FortiProxy versions 7.0.x prior to 7.0.1
Fortinet | FortiRecorder | FortiRecorder versions prior to 6.4.3
Fortinet | FortiADC | FortiADC versions 7.0.x prior to 7.0.2
Fortinet | FortiADC | FortiADC versions prior to 6.2.3
Fortinet | FortiOS | FortiOS versions 7.0.x prior to 7.0.6
Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x prior to 7.0.4
Fortinet | N/A | FortiVoiceEnterprise versions 6.4.x prior to 6.4.4
Fortinet | FortiDeceptor | FortiDeceptor versions prior to 3.3.3
Fortinet | FortiSwitch | FortiSwitch versions prior to 6.4.10
Fortinet | N/A | FortiClientWindows versions 6.x prior to 6.4.7
Fortinet | FortiOS | FortiOS versions 6.4.x prior to 6.4.9
Fortinet | N/A | FortiVoiceEnterprise versions prior to 6.0.11
Fortinet | FortiNAC | FortiNAC versions 9.2.x prior to 9.2.4
Fortinet | FortiProxy | FortiProxy versions prior to 2.0.9
Fortinet | FortiDeceptor | FortiDeceptor versions 4.0.x prior to 4.0.2
Fortinet | FortiGate | FortiGate versions prior to 7.0.6
Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x prior to 6.4.8
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0", "product": { "name": "FortiEDR Central Manager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiEDR Central Manager version 5.1.0", "product": { "name": "FortiEDR Central Manager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11", "product": { "name": "FortiRecorder", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7", "product": { "name": "FortiEDR Central Manager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiRecorder versions 
ant\u00e9rieures \u00e0 6.4.3", "product": { "name": "FortiRecorder", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3", "product": { "name": "FortiDeceptor", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9", "product": { 
"name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2", "product": { "name": "FortiDeceptor", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-42755", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42755" }, { "name": "CVE-2021-44170", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44170" }, { "name": "CVE-2021-43072", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43072" }, { "name": "CVE-2022-26117", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26117" }, { "name": "CVE-2022-30302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30302" }, { "name": "CVE-2022-29057", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29057" }, { "name": "CVE-2022-26118", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26118" }, { "name": "CVE-2022-27483", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27483" }, { "name": "CVE-2021-41031", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41031" }, { "name": "CVE-2022-26120", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26120" }, { "name": "CVE-2022-23438", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23438" } ], "initial_release_date": "2022-07-06T00:00:00", "last_revision_date": "2022-07-06T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-613", "revisions": [ { "description": "Version initiale", "revision_date": 
"2022-07-06T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-155" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-051" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-057" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-056" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-213" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-190" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-179" 
}, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-058" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-049" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-077" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-206" } ] }
CERTFR-2022-AVI-410
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiNAC | Fortinet FortiNAC versions 9.2.x prior to 9.2.3
Fortinet | FortiNAC | Fortinet FortiNAC versions 9.4.x prior to 9.4.0
Fortinet | FortiGate | Fortinet FortiGate versions 7.0.x prior to 7.0.4
Fortinet | N/A | Fortinet FortiIsolator versions prior to 2.3.3 or 2.4.0
Fortinet | FortiProxy | Fortinet FortiProxy versions 2.0.x prior to 2.0.8
Fortinet | FortiClient | Fortinet FortiClient versions prior to 6.4.7
Fortinet | FortiSOAR | Fortinet FortiSOAR versions prior to 7.2.0
Fortinet | FortiProxy | Fortinet FortiProxy versions 7.0.x prior to 7.0.2
Fortinet | FortiClient | Fortinet FortiClient versions 7.x prior to 7.0.3
Fortinet | N/A | Fortinet FortiFone versions prior to 3.0.12
Fortinet | FortiGate | Fortinet FortiGate versions prior to 6.4.9
Fortinet | FortiNAC | Fortinet FortiNAC versions 10.x prior to 10.0.0
Fortinet | FortiOS | Fortinet FortiOS versions prior to 6.4.9
Fortinet | FortiNAC | Fortinet FortiNAC versions prior to 9.1.6
Fortinet | FortiOS | Fortinet FortiOS versions 7.0.x prior to 7.0.4 or 7.2.0
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Fortinet FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.3", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.0", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.4", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiIsolator versions ant\u00e9rieures \u00e0 2.3.3 ou 2.4.0", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.8", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiClient versions ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiSOAR versions ant\u00e9rieures \u00e0 7.2.0", "product": { "name": "FortiSOAR", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiClient versions 7.x ant\u00e9rieures \u00e0 7.0.3", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiFone versions ant\u00e9rieures \u00e0 3.0.12", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiGate versions ant\u00e9rieures \u00e0 6.4.9", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiNAC versions 10.x 
ant\u00e9rieures \u00e0 10.0.0", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiOS versions ant\u00e9rieures \u00e0 6.4.9", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiNAC versions ant\u00e9rieures \u00e0 9.1.6", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Fortinet FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.4 ou 7.2.0", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-43845", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43845" }, { "name": "CVE-2021-21375", "url": "https://www.cve.org/CVERecord?id=CVE-2021-21375" }, { "name": "CVE-2020-15260", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15260" }, { "name": "CVE-2021-37706", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37706" }, { "name": "CVE-2022-26116", "url": "https://www.cve.org/CVERecord?id=CVE-2022-26116" }, { "name": "CVE-2021-43081", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43081" }, { "name": "CVE-2022-23443", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23443" }, { "name": "CVE-2021-43804", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43804" }, { "name": "CVE-2021-43066", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43066" }, { "name": "CVE-2021-32686", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32686" }, { "name": "CVE-2022-22306", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22306" }, { "name": "CVE-2021-41020", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41020" }, { "name": "CVE-2021-43206", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43206" }, { "name": 
"CVE-2021-41032", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41032" } ], "initial_release_date": "2022-05-04T00:00:00", "last_revision_date": "2022-05-04T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-410", "revisions": [ { "description": "Version initiale", "revision_date": "2022-05-04T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-062 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-062" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-231 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-231" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-041 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-041" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-147 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-147" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 
Fortinet FG-IR-21-040 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-040" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-230 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-230" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-239 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-239" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-154 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-21-154" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-007 du 03 mai 2022", "url": "https://www.fortiguard.com/psirt/FG-IR-22-007" } ] }
CERTFR-2021-AVI-927
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data integrity, a breach of data confidentiality and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiGate | FortiGate versions 7.0.x prior to 7.0.2
Fortinet | FortiClient | FortiClient for Linux, Mac and Windows versions 7.0.x prior to 7.0.2
Fortinet | FortiGate | FortiGate versions 6.4.x prior to 6.4.7
Fortinet | FortiProxy | FortiProxy versions 1.x prior to 1.2.12
Fortinet | FortiOS | FortiOS versions 6.2.x prior to 6.2.10
Fortinet | FortiNAC | FortiNAC versions 8.8.x prior to 8.8.10
Fortinet | FortiWeb | FortiWeb versions 6.4.x prior to 6.4.2
Fortinet | FortiOS | FortiOS versions 7.0.x prior to 7.0.3
Fortinet | FortiADC | FortiADC versions 6.1.x prior to 6.1.4
Fortinet | FortiWeb | FortiWeb versions 6.2.x prior to 6.2.6
Fortinet | FortiSandbox | FortiSandbox versions 3.x prior to 3.2.3
Fortinet | FortiGate | FortiGate versions 6.2.x prior to 6.2.10
Fortinet | FortiOS | FortiOS versions 5.6.x prior to 5.6.14
Fortinet | FortiOS | FortiOS versions 6.4.x prior to 6.4.8
Fortinet | FortiOS | FortiOS versions 6.0.x prior to 6.0.14
Fortinet | FortiADC | FortiADC versions 6.2.x prior to 6.2.1
Fortinet | FortiClient | FortiClient for Linux, Mac and Windows versions 6.4.x prior to 6.4.7
Fortinet | FortiProxy | FortiProxy versions 2.x prior to 2.0.4
Fortinet | FortiWeb | FortiWeb versions 6.3.x prior to 6.3.16
Fortinet | FortiOS | FortiOS-6K7K versions 6.4.x prior to 6.4.3
Fortinet | FortiSandbox | FortiSandbox versions 4.x prior to 4.0.1
Fortinet | FortiClientEMS | FortiClientEMS versions 7.0.x prior to 7.0.2
Fortinet | FortiClientEMS | FortiClientEMS versions 6.4.x prior to 6.4.7
Fortinet | N/A | Meru AP versions prior to 8.6.2
Fortinet | FortiProxy | FortiProxy versions 7.x prior to 7.0.1
Fortinet | N/A | FortiWLC versions prior to 8.6.2
Fortinet | FortiNAC | FortiNAC versions 9.2.x prior to 9.2.1
Fortinet | FortiNAC | FortiNAC versions 9.1.x prior to 9.1.4
Fortinet | N/A | FortiAuthenticator versions prior to 6.4.1
Fortinet | FortiOS | FortiOS-6K7K versions 6.2.x prior to 6.2.8
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClient pour Linux, Mac et Windows versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 1.x ant\u00e9rieures \u00e0 1.2.12", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.10", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions 8.8.x ant\u00e9rieures \u00e0 8.8.10", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.3", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.4", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.6", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.3", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.2.10", "product": { "name": 
"FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 5.6.x ant\u00e9rieures \u00e0 5.6.14", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.8", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.14", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC version 6.2.x ant\u00e9rieures \u00e0 6.2.1", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClient pour Linux, Mac et Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 2.x ant\u00e9rieures \u00e0 2.0.4", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.16", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.3", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions 4.x ant\u00e9rieures \u00e0 4.0.1", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.2", "product": { "name": "FortiClientEMS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS versions 6.4.x ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiClientEMS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "Meru AP versions ant\u00e9rieures \u00e0 8.6.2", "product": { "name": "N/A", 
"vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWLC versions ant\u00e9rieures \u00e0 8.6.2", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.1", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.4", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.4.1", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.8", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2021-43068", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43068" }, { "name": "CVE-2021-44168", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44168" }, { "name": "CVE-2021-36194", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36194" }, { "name": "CVE-2021-41028", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41028" }, { "name": "CVE-2021-36195", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36195" }, { "name": "CVE-2021-41014", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41014" }, { "name": "CVE-2021-41030", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41030" }, { "name": "CVE-2021-43067", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43067" }, { "name": "CVE-2021-41017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41017" }, { "name": "CVE-2021-43064", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43064" }, { "name": "CVE-2021-41021", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41021" }, { "name": "CVE-2021-42759", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42759" }, { "name": "CVE-2021-43071", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43071" }, { "name": "CVE-2021-36173", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36173" }, { "name": "CVE-2021-41024", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41024" }, { "name": "CVE-2021-42752", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42752" }, { "name": "CVE-2021-41025", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41025" }, { "name": "CVE-2021-41015", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41015" }, { "name": "CVE-2021-43065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43065" }, { "name": "CVE-2021-26110", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26110" }, { "name": "CVE-2021-41013", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41013" }, { "name": "CVE-2021-26108", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26108" }, { "name": 
"CVE-2021-43204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43204" }, { "name": "CVE-2021-42758", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42758" }, { "name": "CVE-2021-41029", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41029" }, { "name": "CVE-2021-42760", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42760" }, { "name": "CVE-2021-41026", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41026" }, { "name": "CVE-2021-41027", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41027" }, { "name": "CVE-2021-36189", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36189" }, { "name": "CVE-2021-36180", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36180" }, { "name": "CVE-2021-36191", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36191" }, { "name": "CVE-2021-42757", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42757" }, { "name": "CVE-2021-32591", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32591" }, { "name": "CVE-2021-36190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36190" }, { "name": "CVE-2021-26109", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26109" }, { "name": "CVE-2021-26103", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26103" }, { "name": "CVE-2021-36167", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36167" }, { "name": "CVE-2021-43063", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43063" }, { "name": "CVE-2021-36188", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36188" } ], "initial_release_date": "2021-12-08T00:00:00", "last_revision_date": "2021-12-08T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-927", "revisions": [ { "description": "Version initiale", "revision_date": "2021-12-08T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" }, { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des 
donn\u00e9es" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-201 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-201" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-130 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-130" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-134 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-134" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-049 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-049" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-075 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-075" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-122 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-122" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-140 du 8 d\u00e9cembre 
2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-140" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-051 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-051" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-192 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-192" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-138 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-138" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-152 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-152" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-127 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-127" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-120 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-120" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-222 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-222" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-118 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-118" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-212 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-212" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-133 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-133" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-131 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-131" }, { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Fortinet FG-IR-21-173 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-173" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-182 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-182" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-114 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-114" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-111 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-111" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-115 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-115" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-123 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-123" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-181 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-181" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-160 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-160" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-129 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-129" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-200 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-200" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-167 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-167" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-157 du 8 d\u00e9cembre 2021", "url": 
"https://www.fortiguard.com/psirt/FG-IR-21-157" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-139 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-139" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-168 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-168" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-156 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-156" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-188 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-188" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-158 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-158" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-178 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-178" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-131 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-131" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-004 du 8 d\u00e9cembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-004" } ] }
CERTFR-2021-AVI-845
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a data confidentiality breach.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | N/A | FortiClientMac versions prior to 6.4.6, 7.0.1
Fortinet | FortiADC | FortiADC versions prior to 5.4.4, 6.0.1
Fortinet | FortiSIEM | FortiSIEM Windows Agent versions prior to 4.1.5
Fortinet | N/A | FortiClientWindows versions prior to 6.4.3, 7.0.2
Fortinet | FortiAnalyzer | FortiAnalyzer versions prior to 6.0.7, 6.4.5
Fortinet | FortiSIEM | FortiSIEM versions prior to 6.3.0
Fortinet | FortiClientEMS | FortiClientEMS versions prior to 6.4.2, 7.0.0
Fortinet | FortiDDoS | FortiDDoS-F versions prior to 6.2.0
Fortinet | FortiPortal | FortiPortal versions prior to 5.2.7, 5.3.7, 6.0.6, 7.0.0
Fortinet | FortiDDoS | FortiDDoS versions prior to 5.5.0
Fortinet | FortiManager | FortiManager versions prior to 6.4.7, 7.0.2
Fortinet | FortiGate | FortiGate versions prior to 6.4.7
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiClientMac versions ant\u00e9rieures \u00e0 6.4.6, 7.0.1", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions ant\u00e9rieures \u00e0 5.4.4, 6.0.1", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5", "product": { "name": "FortiSIEM", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 6.4.3, 7.0.2", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 6.0.7, 6.4.5", "product": { "name": "FortiAnalyzer", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.3.0", "product": { "name": "FortiSIEM", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.4.2, 7.0.0", "product": { "name": "FortiClientEMS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.2.0", "product": { "name": "FortiDDoS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiPortal versions ant\u00e9rieures \u00e0 5.2.7, 5.3.7, 6.0.6, 7.0.0", "product": { "name": "FortiPortal", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.0", "product": { "name": "FortiDDoS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.7, 7.0.2", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.7", "product": { 
"name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-12814", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12814" }, { "name": "CVE-2021-26107", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26107" }, { "name": "CVE-2021-36176", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36176" }, { "name": "CVE-2020-15940", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15940" }, { "name": "CVE-2021-42754", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42754" }, { "name": "CVE-2020-15935", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15935" }, { "name": "CVE-2021-36174", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36174" }, { "name": "CVE-2021-36192", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36192" }, { "name": "CVE-2021-36183", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36183" }, { "name": "CVE-2021-36172", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36172" }, { "name": "CVE-2021-41019", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41019" }, { "name": "CVE-2021-36181", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36181" }, { "name": "CVE-2021-32595", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32595" } ], "initial_release_date": "2021-11-04T00:00:00", "last_revision_date": "2021-11-04T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-845", "revisions": [ { "description": "Version initiale", "revision_date": "2021-11-04T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": 
"\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-092 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-092" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-043 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-043" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-079 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-079" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-096 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-096" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-104 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-104" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-044 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-044" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-103 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-103" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-102 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-102" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-100 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-100" }, 
{ "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-109 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-109" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-074 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-074" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-067 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-067" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-079 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-079" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-175 du 02 novembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-175" } ] }
CERTFR-2021-AVI-685
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | N/A | FortiAuthenticator versions prior to 6.3.1
Fortinet | FortiSandbox | FortiSandbox versions prior to 3.2.2
Fortinet | FortiManager | FortiManager versions 6.4.x prior to 6.4.4
Fortinet | FortiWeb | FortiWeb versions prior to 6.2.5
Fortinet | FortiManager | FortiManager versions prior to 6.2.8
Fortinet | FortiGate | FortiGate versions 7.0.x prior to 7.0.1
Fortinet | FortiClient | FortiClient for Linux versions 6.4.x prior to 6.4.3
Fortinet | FortiGate | FortiGate versions prior to 6.4.7
Fortinet | FortiWeb | FortiWeb versions 6.3.x prior to 6.3.15
Fortinet | FortiOS | FortiOS versions 7.0.x prior to 7.0.1
Fortinet | FortiOS | FortiOS versions prior to 6.4.7
Fortinet | FortiClient | FortiClient for Linux versions prior to 6.2.9
Fortinet | FortiWeb | FortiWeb versions 6.4.x prior to 6.4.1
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.1", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSandbox versions ant\u00e9rieures \u00e0 3.2.2", "product": { "name": "FortiSandbox", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.4", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.2.5", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.8", "product": { "name": "FortiManager", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 7.0.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClient pour Linux versions 6.4.x ant\u00e9rieures \u00e0 6.4.3", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.15", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.1", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClient pour Linux versions ant\u00e9rieures \u00e0 6.2.9", "product": { "name": "FortiClient", "vendor": { "name": 
"Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.1", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-36179", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36179" }, { "name": "CVE-2019-17655", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17655" }, { "name": "CVE-2021-36169", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36169" }, { "name": "CVE-2020-29012", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29012" }, { "name": "CVE-2021-24016", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24016" }, { "name": "CVE-2021-32600", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32600" }, { "name": "CVE-2021-36182", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36182" }, { "name": "CVE-2021-26116", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26116" }, { "name": "CVE-2021-22123", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22123" }, { "name": "CVE-2021-24017", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24017" }, { "name": "CVE-2021-22127", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22127" }, { "name": "CVE-2020-29013", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29013" } ], "initial_release_date": "2021-09-08T00:00:00", "last_revision_date": "2021-09-08T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-685", "revisions": [ { "description": "Version initiale", "revision_date": "2021-09-08T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des 
donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-091 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-091" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-116 du 18 ao\u00fbt 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-116" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-189 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-189" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-178 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-178" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-206 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-206" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-068 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-068" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-190 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-190" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-047 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-047" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-241 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-241" }, { "published_at": null, 
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-217 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-19-217" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-243 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-243" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-070 du 07 septembre 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-070" } ] }
CERTFR-2021-AVI-419
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiProxy | FortiProxy versions 2.0.x prior to 2.0.2
Fortinet | FortiSwitch | FortiSwitch versions 6.4.x prior to 6.4.7
Fortinet | FortiSwitch | FortiSwitch versions 6.2.x prior to 6.2.7
Fortinet | FortiWeb | FortiWeb versions 6.2.x prior to 6.2.4
Fortinet | FortiGate | FortiGate versions 5.6.x prior to 6.0.13
Fortinet | FortiSwitch | FortiSwitch all versions prior to 6.0.x and 3.6.x
Fortinet | FortiGate | FortiGate versions 6.4.0 to 6.4.4 prior to 6.4.5
Fortinet | FortiWeb | FortiWeb versions 6.3.x prior to 6.3.8
Fortinet | N/A | FortiAuthenticator versions prior to 6.3.0
Fortinet | FortiWeb | FortiWeb all versions prior to 6.1.x, 6.0.x, 5.9.x
Fortinet | FortiADC | FortiADC versions 6.0.x prior to 6.0.2
Fortinet | FortiGate | FortiGate versions 6.4.5 prior to 7.0.0
Fortinet | N/A | FortiWLC versions 8.5.x prior to 8.5.4
Fortinet | FortiADC | FortiADC versions 6.1.x prior to 6.1.1
Fortinet | FortiOS | FortiOS versions prior to 6.0.3
Fortinet | FortiGate | FortiGate versions 5.6.x, 6.0.x and 6.2.x prior to 7.0.0
Fortinet | FortiADC | FortiADC versions 5.4.x prior to 5.4.5
Fortinet | FortiProxy | FortiProxy versions 1.2.9, 1.1.x, 1.0.x prior to 1.2.10
Fortinet | FortiGate | FortiGate versions 6.2.x prior to 6.4.6
Fortinet | FortiGate | FortiGate versions 6.0.x prior to 6.2.8
Fortinet | N/A | FortiWLC versions 8.6.x prior to 8.6.1
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.2", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.7", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch versions 6.2.x ant\u00e9rieures \u00e0 6.2.7", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.4", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 5.6.x ant\u00e9rieures \u00e0 6.0.13", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiSwitch toutes versions ant\u00e9rieures \u00e0 6.0.x et 3.6.x", "product": { "name": "FortiSwitch", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.4.0 \u00e0 6.4.4 ant\u00e9rieures \u00e0 6.4.5", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.8", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.0", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb toutes versions ant\u00e9rieures \u00e0 6.1.x, 6.0.x, 5.9.x", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 6.0.x ant\u00e9rieures \u00e0 6.0.2", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.4.5 ant\u00e9rieures \u00e0 7.0.0", "product": { 
"name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWLC versions 8.5.x ant\u00e9rieures \u00e0 8.5.4", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.1", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions ant\u00e9rieures \u00e0 6.0.3", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 5.6.x, 6.0.x et 6.2.x ant\u00e9rieures \u00e0 7.0.0", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiADC versions 5.4.x ant\u00e9rieures \u00e0 5.4.5", "product": { "name": "FortiADC", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiProxy versions 1.2.9, 1.1.x, 1.0.x ant\u00e9rieures \u00e0 1.2.10", "product": { "name": "FortiProxy", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.4.6", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.0.x ant\u00e9rieures \u00e0 6.2.8", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.1", "product": { "name": "N/A", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2021-26094", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26094" }, { "name": "CVE-2021-26092", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26092" }, { "name": "CVE-2021-26087", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26087" }, { "name": "CVE-2021-26111", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26111" }, { "name": "CVE-2021-24012", "url": "https://www.cve.org/CVERecord?id=CVE-2021-24012" }, { "name": "CVE-2021-26093", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26093" }, { "name": "CVE-2018-13382", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13382" }, { "name": "CVE-2018-13374", "url": "https://www.cve.org/CVERecord?id=CVE-2018-13374" }, { "name": "CVE-2021-22123", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22123" }, { "name": "CVE-2021-22130", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22130" } ], "initial_release_date": "2021-06-02T00:00:00", "last_revision_date": "2021-06-02T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-071 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-071" } ], "reference": "CERTFR-2021-AVI-419", "revisions": [ { "description": "Version initiale", "revision_date": "2021-06-02T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-002 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-002" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-049 du 30 mai 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-049" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-231 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-231" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-006 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-006" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-157 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-18-157" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-001 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-001" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-233 du 30 mai 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-233" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-147 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-147" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-018 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-018" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-137 du 28 mai 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-137" }, { "published_at": null, "title": "Bulletin 
de s\u00e9curit\u00e9 Fortinet FG-IR-20-120 du 28 mai 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-120" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-199 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-199" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-026 du 01 juin 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-21-026" } ] }
CERTFR-2021-AVI-003
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiGate | FortiGate versions 6.2.x prior to 6.2.5
Fortinet | FortiDeceptor | FortiDeceptor versions 3.1.x prior to 3.1.1
Fortinet | FortiWeb | FortiWeb versions 6.2.x prior to 6.2.4
Fortinet | FortiGate | FortiGate versions 6.0.x prior to 6.0.11
Fortinet | FortiWeb | FortiWeb versions 6.3.x prior to 6.3.8
Fortinet | FortiDeceptor | FortiDeceptor versions 3.0.x prior to 3.0.2
Fortinet | FortiGate | FortiGate versions 6.4.x prior to 6.4.2
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.2.5", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDeceptor versions 3.1.x ant\u00e9rieures \u00e0 3.1.1", "product": { "name": "FortiDeceptor", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.4", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.0.x ant\u00e9rieures \u00e0 6.0.11", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.8", "product": { "name": "FortiWeb", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiDeceptor versions 3.0.x ant\u00e9rieures \u00e0 3.0.2", "product": { "name": "FortiDeceptor", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.4.x ant\u00e9rieures \u00e0 6.4.2", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2020-29016", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29016" }, { "name": "CVE-2020-29015", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29015" }, { "name": "CVE-2020-29010", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29010" }, { "name": "CVE-2020-29017", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29017" }, { "name": "CVE-2020-29019", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29019" }, { "name": "CVE-2020-29018", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29018" } ], "initial_release_date": "2021-01-06T00:00:00", "last_revision_date": "2021-01-06T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-003", "revisions": [ { "description": "Version initiale", "revision_date": "2021-01-06T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. 
Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-123 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-123" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-177 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-177" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-126 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/%20FG-IR-20-126" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-125 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-125" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-103 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/FG-IR-20-103" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-124 du 04 janvier 2021", "url": "https://www.fortiguard.com/psirt/%20FG-IR-20-124" } ] }
CERTFR-2020-AVI-788
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a security policy bypass and remote cross-site scripting (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Fortinet | FortiGate | FortiGate versions 6.4.x prior to 6.4.2
Fortinet | FortiClient | FortiClient versions 6.2 running with the antivirus in version 6.x prior to 6.00137
Fortinet | FortiOS | FortiOS versions 6.4 running with the antivirus in version 6.x prior to 6.00144
Fortinet | FortiGate | FortiGate versions 6.2.x prior to 6.2.6
Fortinet | FortiOS | FortiOS versions 6.2 running with the antivirus in version 6.x prior to 6.00145
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate version 6.4.x ant\u00e9rieures \u00e0 6.4.2", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiClient versions 6.2 fonctionnant avec l\u0027antivirus en version 6.x ant\u00e9rieures \u00e0 6.00137", "product": { "name": "FortiClient", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.4 fonctionnant avec l\u0027antivirus en version 6.x ant\u00e9rieures \u00e0 6.00144", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate version 6.2.x ant\u00e9rieures \u00e0 6.2.6", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiOS versions 6.2 fonctionnant avec l\u0027antivirus en version 6.x ant\u00e9rieures \u00e0 6.00145", "product": { "name": "FortiOS", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-9295", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9295" }, { "name": "CVE-2020-15937", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15937" } ], "initial_release_date": "2020-12-02T00:00:00", "last_revision_date": "2020-12-02T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-788", "revisions": [ { "description": "Version initiale", "revision_date": "2020-12-02T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. 
Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-037 du 2 d\u00e9cembre 2020", "url": "https://www.fortiguard.com/psirt/FG-IR-20-037" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-068 du 2 d\u00e9cembre 2020", "url": "https://www.fortiguard.com/psirt/FG-IR-20-068" } ] }
CERTFR-2020-AVI-595
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a security policy bypass and remote cross-site scripting (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate 6.2.x toutes versions", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate 6.4.x versions ant\u00e9rieures \u00e0 6.4.1", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiNAC versions ant\u00e9rieures \u00e0 8.7.3", "product": { "name": "FortiNAC", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-12818", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12818" }, { "name": "CVE-2020-12816", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12816" } ], "initial_release_date": "2020-09-24T00:00:00", "last_revision_date": "2020-09-24T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-595", "revisions": [ { "description": "Version initiale", "revision_date": "2020-09-24T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. 
Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-033 du 23 septembre 2020", "url": "https://www.fortiguard.com/psirt/FG-IR-20-033" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-002 du 23 septembre 2020", "url": "https://www.fortiguard.com/psirt/FG-IR-20-002" } ] }
CERTFR-2019-AVI-589
Vulnerability from certfr_avis
A vulnerability has been discovered in Fortinet FortiGate. It allows an attacker to cause remote cross-site scripting (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate versions ant\u00e9rieures \u00e0 6.0.7", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.2.2", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-6697", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6697" } ], "initial_release_date": "2019-11-25T00:00:00", "last_revision_date": "2019-11-26T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-589", "revisions": [ { "description": "Version initiale", "revision_date": "2019-11-25T00:00:00.000000" }, { "description": "Fortinet a retir\u00e9 l\u0027espace de l\u0027URL de son bulletin de s\u00e9curit\u00e9", "revision_date": "2019-11-26T00:00:00.000000" } ], "risks": [ { "description": "Injection de code indirecte \u00e0 distance (XSS)" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiGate. Elles permet\n\u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance\n(XSS).\n", "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiGate", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-184 du 25 novembre 2019", "url": "https://fortiguard.com/psirt/FG-IR-19-184" } ] }
CERTFR-2016-AVI-283
Vulnerability from certfr_avis
A vulnerability has been fixed in Fortinet's Fortigate firmware. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "FortiGate (FOS) versions ant\u00e9rieures \u00e0 4.3.9", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } }, { "description": "La migration vers une version 5.x de FortiGate (FOS) est cependant recommand\u00e9e lorsque celle-ci est possible", "product": { "name": "FortiGate", "vendor": { "name": "Fortinet", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2016-6909", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6909" } ], "initial_release_date": "2016-08-18T00:00:00", "last_revision_date": "2016-08-23T00:00:00", "links": [ { "title": "R\u00e8gle de d\u00e9tection r\u00e9seau Emerging Threats", "url": "http://docs.emergingthreats.net/bin/view/Main/2023075" } ], "reference": "CERTFR-2016-AVI-283", "revisions": [ { "description": "version initiale.", "revision_date": "2016-08-18T00:00:00.000000" }, { "description": "ajout CVE-2016-6909.", "revision_date": "2016-08-23T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003ele\nmicrologiciel Fortigate de Fortinet\u003c/span\u003e. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans le micrologiciel Fortigate de Fortinet", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-16-023 du 17 ao\u00fbt 2016", "url": "http://fortiguard.com/advisory/FG-IR-16-023" } ] }