Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

CERTFR-2025-AVI-0871

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiDLP	FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet	FortiADC	FortiADC toutes versions 6.2.x et 7.0.x
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiTester	FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 6.0.7 à 6.0.12
Fortinet	FortiClient	FortiClientMac toutes versions 7.0.x
Fortinet	FortiSOAR	FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet	FortiPAM	FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet	FortiSRA	FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet	FortiWeb	FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiDLP	FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet	FortiManager	FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet	FortiNDR	FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet	FortiManager	FortiManager Cloud toutes versions 6.4.x
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSRA	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet	FortiClient	FortiClientWindows toutes versions 7.0.x
Fortinet	FortiIsolator	FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet	FortiTester	FortiTester version 7.4 antérieures à 7.4.3
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiOS	FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiIsolator	FortiIsolator toutes versions 2.3.x
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet	FortiProxy	FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet	FortiManager	FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-372	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0679

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.8
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.5.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.8
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiCamera	FortiCamera versions 2.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.9
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.10
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.2
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.6
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.7.10
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.4
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.0.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.2
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiSOAR	FortiSOAR versions 7.6.x antérieures à 7.6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-501	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-421	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-173	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-152	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-042	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-150	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-383	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-364	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-253	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-309	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-513	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-448	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-473	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-209	2025-08-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions 2.1.x toutes versions",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
    },
    {
      "name": "CVE-2025-47857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
    },
    {
      "name": "CVE-2025-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
    },
    {
      "name": "CVE-2024-48892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
    },
    {
      "name": "CVE-2025-53744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
    },
    {
      "name": "CVE-2024-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
    },
    {
      "name": "CVE-2025-49813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
    },
    {
      "name": "CVE-2025-25256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
    },
    {
      "name": "CVE-2025-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
    },
    {
      "name": "CVE-2025-27759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
    },
    {
      "name": "CVE-2025-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
    },
    {
      "name": "CVE-2024-26009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
    },
    {
      "name": "CVE-2024-40588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
    },
    {
      "name": "CVE-2023-45584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
    }
  ],
  "initial_release_date": "2025-08-13T00:00:00",
  "last_revision_date": "2025-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
    }
  ]
}

CERTFR-2025-AVI-0575

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.4.7
Fortinet	FortiOS	FortiOS versions 7.2.x et antérieures à 7.2.12
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.2.7
Fortinet	FortiManager	FortiManager versions antérieures à 7.6.2
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiOS	FortiOS versions antérieures à 7.2.11
Fortinet	FortiIsolator	FortiIsolator versions antérieures à 2.4.5
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.7
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.8
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiProxy	FortiProxy versions 7.x antérieures à 7.4.9
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-511	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-026	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-035	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-151	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-045	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-437	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-250	2025-07-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-053	2025-07-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x et ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-52965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52965"
    },
    {
      "name": "CVE-2025-25257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25257"
    },
    {
      "name": "CVE-2025-24474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24474"
    },
    {
      "name": "CVE-2024-32124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32124"
    },
    {
      "name": "CVE-2024-55599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55599"
    },
    {
      "name": "CVE-2025-24477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24477"
    },
    {
      "name": "CVE-2024-27779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27779"
    },
    {
      "name": "CVE-2025-47856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47856"
    }
  ],
  "initial_release_date": "2025-07-09T00:00:00",
  "last_revision_date": "2025-07-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0575",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-511",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-511"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-026",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-026"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-035",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-035"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-151",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-151"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-045",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-045"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-437",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-437"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-250"
    },
    {
      "published_at": "2025-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-053",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-053"
    }
  ]
}

CERTFR-2025-AVI-0399

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.3
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet	FortiClientEMS	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.8
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.7
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet	FortiClient	FortiClientMac versions 7.x antérieures à 7.2.9
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.1.4
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.2
Fortinet	FortiClientEMS	FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet	FortiVoice	FortiVoiceUCDesktop versions antérieures à 7.0
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-472	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-552	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-381	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-548	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-025	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-388	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-380	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-016	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-254	2025-05-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-023	2025-05-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
    },
    {
      "name": "CVE-2025-47294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
    },
    {
      "name": "CVE-2025-24473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
    },
    {
      "name": "CVE-2024-54020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
    },
    {
      "name": "CVE-2025-46777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
    },
    {
      "name": "CVE-2024-35281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
    },
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    },
    {
      "name": "CVE-2025-22252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
    },
    {
      "name": "CVE-2025-47295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
    },
    {
      "name": "CVE-2025-22859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
    }
  ]
}

CERTFR-2025-AVI-0293

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.9
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.14
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.6
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.3
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.7
Fortinet	FortiSwitch	FortiSwitch versions 7.4.x antérieures à 7.4.5
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.17
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.15
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.3
Fortinet	FortiSwitch	FortiSwitch versions 7.2.x antérieures à 7.2.9
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.15
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiClient	FortiClientEMS versions antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.14
Fortinet	FortiSwitch	FortiSwitch versions 7.6.x antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 7.6 pour la vulnérabilité CVE-2024-32122
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.9
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.11
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.9
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.9
Fortinet	FortiIsolator	FortiIsolator versions postérieures à 2.4.3 et antérieures à 2.4.7
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.16
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.2.x antérieures à 6.2.14
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-474	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-435	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-165	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-184	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-111	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-453	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-344	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-046	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-392	2025-04-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-397	2025-04-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6 pour la vuln\u00e9rabilit\u00e9 CVE-2024-32122",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions post\u00e9rieures \u00e0 2.4.3 et ant\u00e9rieures \u00e0 2.4.7",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-46671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46671"
    },
    {
      "name": "CVE-2024-32122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32122"
    },
    {
      "name": "CVE-2024-50565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50565"
    },
    {
      "name": "CVE-2024-26013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26013"
    },
    {
      "name": "CVE-2024-54025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54025"
    },
    {
      "name": "CVE-2024-48887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48887"
    },
    {
      "name": "CVE-2025-22855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22855"
    },
    {
      "name": "CVE-2024-52962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52962"
    },
    {
      "name": "CVE-2023-37930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37930"
    },
    {
      "name": "CVE-2025-25254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25254"
    },
    {
      "name": "CVE-2024-54024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54024"
    }
  ],
  "initial_release_date": "2025-04-09T00:00:00",
  "last_revision_date": "2025-04-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-474",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-474"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-435",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-435"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-165"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-184",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-184"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-111",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-111"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-453",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-453"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-344",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-344"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-046",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-046"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-392",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-392"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-397",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-397"
    }
  ]
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "initial_release_date": "2025-03-12T00:00:00",
  "last_revision_date": "2025-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

CERTFR-2025-AVI-0120

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.2.0
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.14
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.3
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.3
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.7
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.1
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.10
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.8
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiClient	FortiClientMac versions 7.0.x antérieures à 7.0.13
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.2.6
Fortinet	FortiClient	FortiClientWindows versions 7.0.x antérieures à 7.0.14

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-438	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-220	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-261	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-324	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-094	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-302	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-160	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-300	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-147	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-063	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-279	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-311	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-422	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-015	2025-02-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
    },
    {
      "name": "CVE-2024-40586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
    },
    {
      "name": "CVE-2024-50569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
    },
    {
      "name": "CVE-2023-40721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
    },
    {
      "name": "CVE-2024-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
    },
    {
      "name": "CVE-2024-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
    },
    {
      "name": "CVE-2024-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
    },
    {
      "name": "CVE-2024-36508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
    },
    {
      "name": "CVE-2024-40585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
    },
    {
      "name": "CVE-2025-24470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
    },
    {
      "name": "CVE-2024-35279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
    },
    {
      "name": "CVE-2024-40591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
    },
    {
      "name": "CVE-2024-33504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
    },
    {
      "name": "CVE-2024-40584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
    },
    {
      "name": "CVE-2024-52966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
    }
  ],
  "initial_release_date": "2025-02-12T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
    }
  ]
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.2.5
Fortinet	FortiDDoS-F	FortiDDoS-F versions antérieures à 6.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiSOAR	Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet	FortiWLC	FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet	FortiClient	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.4.0
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 6.4x antérieures à 6.4.8
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiSwitch	FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet	FortiAP-W2	FortiAP-W2 versions antérieures à 7.2.4
Fortinet	FortiClient	FortiClientEMS versions antérieures à 7.2.5
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiSwitch	FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.5.1
Fortinet	FortiAP	FortiAP versions antérieures à 7.2.4
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.2.8
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.4.1
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 6.0.1
Fortinet	FortiAP-S	FortiAP-S versions antérieures à 6.4.10
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiAuthenticator	FortiAuthenticator versions antérieures à 6.3.3
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.0.13
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAP	FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.5
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.4.0
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.1.6
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiAP-W2	FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet	FortiTester	FortiTester versions antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAuthenticator	FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-258	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189	2025-01-15	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CERTFR-2025-AVI-0030

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Fortinet indique que la vulnérabilité CVE-2024-55591 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.17
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.5
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	FortiManager	FortiManager Cloud versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiManager	FortiManager Cloud versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiManager	FortiManager versions7.2.x antérieures à 7.2.9

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-535	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-463	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
    },
    {
      "name": "CVE-2025-24472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24472"
    },
    {
      "name": "CVE-2024-55591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"
    }
  ],
  "initial_release_date": "2025-01-14T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0030",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-14T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-24472",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-55591 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-535",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-535"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
    }
  ]
}

CERTFR-2024-AVI-1096

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les correctifs concernant la vulnérabilité CVE-2024-50570 pour FortiClientLinux 7.0.14, 7.2.8 et 7.4.3 ne sont pas encore disponibles.

Impacted products

Vendor	Product	Description
Fortinet	FortiWLM	FortiWLM versions 8.6.x antérieures à 8.6.6
Fortinet	FortiClient	FortiClientWindows 7.4.x versions antérieures à 7.4.2
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.13
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.8
Fortinet	FortiClient	FortiClientLinux 7.4.x versions antérieures à 7.4.3
Fortinet	FortiClient	FortiClientWindows 7.0.x versions antérieures à 7.0.14
Fortinet	FortiManager	FortiManager versions postérieures à 6.4.10 et antérieures à 6.4.15
Fortinet	FortiClient	FortiClientLinux 7.2.x versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.1
Fortinet	FortiWLM	FortiWLM versions 8.5.x antérieures à 8.5.5
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.5
Fortinet	FortiClient	FortiClientLinux 7.0.x versions antérieures à 7.0.14
Fortinet	FortiManager	FortiManager versions postérieures à 7.0.5 et antérieures à 7.0.13
Fortinet	FortiClient	FortiClientWindows 7.2.x versions antérieures à 7.2.7
Fortinet	FortiManager	FortiManager versions postérieures à 7.2.3 et antérieures à 7.2.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-425	2024-12-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-278	2024-12-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-144	2024-12-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions post\u00e9rieures \u00e0 6.4.10 et ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM versions 8.5.x ant\u00e9rieures \u00e0 8.5.5",
      "product": {
        "name": "FortiWLM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions post\u00e9rieures \u00e0 7.0.5 et ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows 7.2.x versions ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions post\u00e9rieures \u00e0 7.2.3 et ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les correctifs concernant la vuln\u00e9rabilit\u00e9 CVE-2024-50570 pour FortiClientLinux 7.0.14, 7.2.8 et 7.4.3  ne sont pas encore disponibles.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-34990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34990"
    },
    {
      "name": "CVE-2024-50570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50570"
    },
    {
      "name": "CVE-2024-48889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48889"
    }
  ],
  "initial_release_date": "2024-12-19T00:00:00",
  "last_revision_date": "2024-12-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1096",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-12-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-425",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-425"
    },
    {
      "published_at": "2024-12-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-278",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-278"
    },
    {
      "published_at": "2024-12-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-144",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-144"
    }
  ]
}

CERTFR-2024-AVI-0979

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions antérieures à 7.0.9
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.4
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager Cloud toutes versions
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.2.10
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.2.7
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.4.3
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.3
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager versions antérieures à 7.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.4
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.0.13
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.5
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.9
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-396	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-022	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-115	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-033	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-116	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-180	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-199	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-475	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-144	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-125	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-179	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-099	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-267	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-155	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-205	2024-11-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-032	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-448	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-098	2024-11-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-36509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36509"
    },
    {
      "name": "CVE-2023-47543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47543"
    },
    {
      "name": "CVE-2024-26011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26011"
    },
    {
      "name": "CVE-2024-33505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33505"
    },
    {
      "name": "CVE-2023-50176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50176"
    },
    {
      "name": "CVE-2024-40592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40592"
    },
    {
      "name": "CVE-2024-31496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31496"
    },
    {
      "name": "CVE-2024-32117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32117"
    },
    {
      "name": "CVE-2023-44255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44255"
    },
    {
      "name": "CVE-2024-36507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36507"
    },
    {
      "name": "CVE-2024-36513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36513"
    },
    {
      "name": "CVE-2024-47574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47574"
    },
    {
      "name": "CVE-2024-23666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23666"
    },
    {
      "name": "CVE-2024-40590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40590"
    },
    {
      "name": "CVE-2024-32116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32116"
    },
    {
      "name": "CVE-2024-35274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35274"
    },
    {
      "name": "CVE-2024-32118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32118"
    },
    {
      "name": "CVE-2024-33510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33510"
    }
  ],
  "initial_release_date": "2024-11-13T00:00:00",
  "last_revision_date": "2024-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0979",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-396",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-396"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-022"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-115"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-033",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-033"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-116",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-116"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-180",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-180"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-199",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-199"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-475",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-475"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-144",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-144"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-125",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-125"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-179",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-179"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-099",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-099"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-267"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-155",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-155"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-205",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-205"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-032"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-448"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-098",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-098"
    }
  ]
}

CERTFR-2024-AVI-0917

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiManager. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Fortinet indique que la vulnérabilité CVE-2024-47575 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.13
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager Cloud versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager Cloud versions 6.4.x à 7.0.x antérieures à 7.0.13
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-423

2024-10-23

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 6.4.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-47575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47575"
    }
  ],
  "initial_release_date": "2024-10-23T00:00:00",
  "last_revision_date": "2024-10-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0917",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-23T00:00:00.000000"
    },
    {
      "description": "Ajout de correctifs pour FortiManager Cloud",
      "revision_date": "2024-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiManager. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-47575 est activement exploit\u00e9e.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiManager",
  "vendor_advisories": [
    {
      "published_at": "2024-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-423",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-423"
    }
  ]
}

CERTFR-2024-AVI-0847

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.2.x antérieures à 7.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-472	2024-10-08	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-196	2024-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45330"
    },
    {
      "name": "CVE-2024-33506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33506"
    }
  ],
  "initial_release_date": "2024-10-09T00:00:00",
  "last_revision_date": "2024-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0847",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-472"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-196",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-196"
    }
  ]
}

CERTFR-2024-AVI-0763

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.2.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.4.5
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.6
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.2.7
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.0.12
Fortinet	FortiClient	FortiClientEMS Cloud versions 7.0.x antérieures à 7.0.13
Fortinet	FortiClient	FortiClientEMS versions antérieures à 7.0.13
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientEMS Cloud versions 7.2.x antérieures à 7.2.5
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.3
Fortinet	FortiClient	FortiClientEMS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.5
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.5
Fortinet	FortiClient	FortiClientiOS versions antérieures à 7.4
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientAndroid versions antérieures à 7.2.1
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.0
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.5
Fortinet	FortiEDR Manager	FortiEDR Manager versions antérieures à 6.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-282	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-123	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-256	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-139	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-051	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-204	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-371	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-230	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-362	2024-09-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-048	2024-09-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientiOS versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientAndroid versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Manager versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiEDR Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-44254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44254"
    },
    {
      "name": "CVE-2024-35282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35282"
    },
    {
      "name": "CVE-2024-31490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31490"
    },
    {
      "name": "CVE-2024-45323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45323"
    },
    {
      "name": "CVE-2024-36511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36511"
    },
    {
      "name": "CVE-2024-33508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33508"
    },
    {
      "name": "CVE-2022-45856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45856"
    },
    {
      "name": "CVE-2024-31489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31489"
    },
    {
      "name": "CVE-2024-21753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21753"
    },
    {
      "name": "CVE-2024-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4863"
    }
  ],
  "initial_release_date": "2024-09-11T00:00:00",
  "last_revision_date": "2024-09-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0763",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-282"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-123",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-123"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-256",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-256"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-139",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-139"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-051",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-051"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-204",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-204"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-371",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-371"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-230",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-230"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-362",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-362"
    },
    {
      "published_at": "2024-09-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-048",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-048"
    }
  ]
}

CERTFR-2024-AVI-0677

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.2
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4
Fortinet	FortiDDoS	FortiDDoS versions 5.7.x antérieures à 5.7.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.11
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiDDoS	FortiDDoS-F versions 6.5.x antérieures à 6.5.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.5
Fortinet	FortiDDoS	FortiDDoS-F versions 6.x antérieures à 6.4.2
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-088	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-445	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-467	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-255	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-047	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-012	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 5.7.x ant\u00e9rieures \u00e0 5.7.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.6.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-21757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21757"
    },
    {
      "name": "CVE-2023-26211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26211"
    },
    {
      "name": "CVE-2024-36505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36505"
    },
    {
      "name": "CVE-2022-45862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45862"
    },
    {
      "name": "CVE-2022-27486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27486"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0677",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-088"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-445",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-445"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-467",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-467"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-255",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-255"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-047",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-047"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-012",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-012"
    }
  ]
}

CERTFR-2024-AVI-0287

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	N/A	FortiClientMac 7.0 versions antérieures à 7.0.11
Fortinet	N/A	FortiClientLinux 7.0 versions antérieures à 7.0.11
Fortinet	FortiSandbox	FortiSandbox 2.1 toutes versions
Fortinet	FortiManager	FortiManager 7.2 versions antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox 3.1 toutes versions
Fortinet	FortiManager	FortiManager 7.0 versions antérieures à 7.0.11
Fortinet	FortiProxy	FortiProxy 7.2 versions antérieures à 7.2.8
Fortinet	FortiSandbox	FortiSandbox 2.2 toutes versions
Fortinet	FortiOS	FortiOS 7.2 versions antérieures à 7.2.8
Fortinet	FortiProxy	FortiProxy 7.4 versions antérieures à 7.4.2
Fortinet	FortiSandbox	FortiSandbox 2.4 toutes versions
Fortinet	FortiOS	FortiOS 6.4 toutes versions
Fortinet	FortiProxy	FortiProxy 1.1 toutes versions
Fortinet	FortiSandbox	FortiSandbox 3.2 toutes versions
Fortinet	N/A	FortiClientLinux 7.2 versions antérieures à 7.2.1
Fortinet	FortiOS	FortiOS 7.4 versions antérieures à 7.4.2
Fortinet	FortiSandbox	FortiSandbox 2.3 toutes versions
Fortinet	FortiProxy	FortiProxy 1.2 toutes versions
Fortinet	FortiSandbox	FortiSandbox 4.4 versions antérieures à 4.4.5
Fortinet	FortiProxy	FortiProxy 2.0 toutes versions
Fortinet	N/A	FortiClientMac 7.2 versions antérieures à 7.2.4
Fortinet	FortiOS	FortiOS 6.2 versions antérieures à 6.2.16
Fortinet	FortiSandbox	FortiSandbox 2.5 toutes versions
Fortinet	FortiSandbox	FortiSandbox 4.0 toutes versions
Fortinet	FortiSandbox	FortiSandbox 2.0 toutes versions
Fortinet	FortiProxy	FortiProxy 1.0 toutes versions
Fortinet	FortiSandbox	FortiSandbox 4.2 versions antérieures à 4.2.7
Fortinet	FortiProxy	FortiProxy 7.0 versions antérieures à 7.0.14
Fortinet	FortiOS	FortiOS 6.0 toutes versions
Fortinet	FortiManager	FortiManager 7.4 versions antérieures à 7.4.2
Fortinet	FortiNAC	FortiNAC-F 7.2 versions antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox 3.0 toutes versions
Fortinet	FortiOS	FortiOS 7.0 toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-060 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-009 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-419 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-454 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-224 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-345 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-416 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-411 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-288 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-413 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-087 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-489 du 09 avril 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-493 du 09 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.1 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.1 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager 7.0 versions ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.2 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.2 versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.4 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.1 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.2 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux 7.2 versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.3 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.2 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.4 versions ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 2.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac 7.2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2 versions ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.5 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.0 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 2.0 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2 versions ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.0 versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager 7.4 versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F 7.2 versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.0 toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-21756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21756"
    },
    {
      "name": "CVE-2023-47540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47540"
    },
    {
      "name": "CVE-2023-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45590"
    },
    {
      "name": "CVE-2023-48785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48785"
    },
    {
      "name": "CVE-2023-48784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48784"
    },
    {
      "name": "CVE-2023-47542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47542"
    },
    {
      "name": "CVE-2024-31492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31492"
    },
    {
      "name": "CVE-2024-23671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23671"
    },
    {
      "name": "CVE-2023-47541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47541"
    },
    {
      "name": "CVE-2024-26014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26014"
    },
    {
      "name": "CVE-2024-23662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23662"
    },
    {
      "name": "CVE-2024-31487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31487"
    },
    {
      "name": "CVE-2023-45588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45588"
    },
    {
      "name": "CVE-2023-41677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41677"
    },
    {
      "name": "CVE-2024-21755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21755"
    }
  ],
  "initial_release_date": "2024-04-10T00:00:00",
  "last_revision_date": "2024-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0287",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire,\u00a0une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-060 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-060"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-009 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-009"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-419 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-419"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-454 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-454"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-224 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-224"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-345 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-345"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-416 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-416"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-411 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-411"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-288 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-288"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-413 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-413"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-087 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-087"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-489 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-489"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-493 du 09 avril 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-493"
    }
  ]
}

CERTFR-2024-AVI-0212

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

S’il n’est pas possible de procéder à l’installation d’une version corrigeant la vulnérabilité, se référer aux mesures de contournement proposées par l’éditeur à la section Workaround.

None

Impacted products

Vendor	Product	Description
Fortinet	FortiClientEMS	FortiClientEMS 6.2 toutes versions
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.14
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.14
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.15
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	FortiClientEMS	FortiClientEMS 6.0 toutes versions
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.10
Fortinet	FortiClientEMS	FortiClientEMS 6.4 toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.7
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.7
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.2
Fortinet	FortiPortal	FortiPortal versions antérieures à 7.0.0
Fortinet	FortiClientEMS	FortiClientEMS versions 7.0.x antérieures à 7.0.11
Fortinet	FortiClientEMS	FortiClientEMS versions 7.2.x antérieures à 7.2.3
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.0
Fortinet	FortiManager	FortiManager versions 7.0.x. antérieures à 7.0.11
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.9
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.14
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.15

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-007 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-304 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-016 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-328 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-424 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-390 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-103 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-013 du 12 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientEMS 6.2 toutes versions",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS 6.0 toutes versions",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS 6.4 toutes versions",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x. ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nS\u2019il n\u2019est pas possible de proc\u00e9der \u00e0 l\u2019installation d\u2019une version\ncorrigeant la vuln\u00e9rabilit\u00e9, se r\u00e9f\u00e9rer aux mesures de contournement\npropos\u00e9es par l\u2019\u00e9diteur \u00e0 la section *Workaround*.\n",
  "cves": [
    {
      "name": "CVE-2024-21761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21761"
    },
    {
      "name": "CVE-2023-42790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42790"
    },
    {
      "name": "CVE-2023-41842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41842"
    },
    {
      "name": "CVE-2023-48788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48788"
    },
    {
      "name": "CVE-2024-23112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23112"
    },
    {
      "name": "CVE-2023-46717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46717"
    },
    {
      "name": "CVE-2023-42789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42789"
    },
    {
      "name": "CVE-2023-47534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47534"
    },
    {
      "name": "CVE-2023-36554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36554"
    }
  ],
  "initial_release_date": "2024-03-13T00:00:00",
  "last_revision_date": "2024-03-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0212",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-007 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-007"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-304 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-304"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-016 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-328 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-328"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-424 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-424"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-390 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-390"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-103 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-013 du 12 mars 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-013"
    }
  ]
}

CERTFR-2024-AVI-0108

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNAC	FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions
Fortinet	FortiProxy	FortiProxy 1.1 toutes versions
Fortinet	FortiNAC	FortiNAC versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.14 (Cette version reste affectée par la vulnérabilité CVE-2023-47537)
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiPAM	FortiPAM 1.0 toutes versions
Fortinet	FortiProxy	FortiProxy 1.2 toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.7
Fortinet	FortiPAM	FortiPAM 1.2 toutes versions
Fortinet	FortiProxy	FortiProxy 1.0 toutes versions
Fortinet	FortiClientEMS	FortiClientEMS versions 7.0.x antérieures à 7.0.11
Fortinet	FortiClientEMS	FortiClientEMS versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS 6.0 toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.3
Fortinet	FortiClientEMS	FortiClientEMS 6.2 et 6.4 toutes versions
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.4
Fortinet	FortiProxy	FortiProxy 7.0 toutes versions
Fortinet	FortiPAM	FortiPAM 1.1 toutes versions
Fortinet	FortiManager	FortiManager 6.2, 6.4 et 7.0 toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.14
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAnalyzer	FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-268 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-301 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-063 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-357 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-397 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-029 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-015 du 08 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.1 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14 (Cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-47537)",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.2 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.2 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS 6.2 et 6.4 toutes versions",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.1 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45581"
    },
    {
      "name": "CVE-2023-47537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
    },
    {
      "name": "CVE-2024-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
    },
    {
      "name": "CVE-2023-26206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26206"
    },
    {
      "name": "CVE-2023-44253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44253"
    },
    {
      "name": "CVE-2024-23113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
    }
  ],
  "initial_release_date": "2024-02-09T00:00:00",
  "last_revision_date": "2024-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0108",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-09T00:00:00.000000"
    },
    {
      "description": "Ajout des syst\u00e8mes affect\u00e9s",
      "revision_date": "2024-02-15T00:00:00.000000"
    },
    {
      "description": "Ajout des syst\u00e8mes affect\u00e9s",
      "revision_date": "2024-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-268 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-268"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-301 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-063 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-063"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-357 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-357"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-397 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-397"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-029 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-029"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-015 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-015"
    }
  ]
}

CERTFR-2023-AVI-0973

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2
Fortinet	N/A	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.10
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.13
Fortinet	FortiProxy	FortiProxy versions 2.0.x
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x antériéures à 6.7.6
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.9
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.2
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.7
Fortinet	N/A	FortiWLM version 8.x antérieures à 8.5.5
Fortinet	FortiDDoS	FortiDDOS-F versions 6.5.x antérieures à 6.5.1
Fortinet	N/A	FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.x antérieures 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.4.3
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.4
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.6
Fortinet	N/A	FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.3
Fortinet	FortiDDoS	FortiDDOS-F versions antérieures à 6.4.2
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiWAN	FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur)
Fortinet	FortiProxy	FortiProxy versions 7.2.x
Fortinet	FortiSIEM	FortiSIEM versions 6.6.x antériéures à 6.6.4
Fortinet	N/A	FortiWLM version 8.6.x antérieures à 8.6.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-299 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-306 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-274 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-385 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-518 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-292 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-108 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-290 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-287 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-064 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-135 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-177 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-061 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-151 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-396 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-143 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-142 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-203 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-265 du 14 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
      "product": {
        "name": "FortiWAN",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
    },
    {
      "name": "CVE-2023-41676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
    },
    {
      "name": "CVE-2023-25603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
    },
    {
      "name": "CVE-2023-36641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-33304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
    },
    {
      "name": "CVE-2023-26205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
    },
    {
      "name": "CVE-2023-28002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
    },
    {
      "name": "CVE-2023-40719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
    },
    {
      "name": "CVE-2023-29177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
    },
    {
      "name": "CVE-2023-44248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
    },
    {
      "name": "CVE-2023-41840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
    },
    {
      "name": "CVE-2023-42783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
    },
    {
      "name": "CVE-2022-40681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
    },
    {
      "name": "CVE-2023-44252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
    },
    {
      "name": "CVE-2023-36553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
    },
    {
      "name": "CVE-2023-44251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
    },
    {
      "name": "CVE-2023-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
    },
    {
      "name": "CVE-2023-34991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    }
  ],
  "initial_release_date": "2023-11-22T00:00:00",
  "last_revision_date": "2023-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
    }
  ]
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

CERTFR-2023-AVI-0304

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiADC	FortiADC versions 5.x à 7.0.x antérieures à 7.0.4
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.3
Fortinet	FortiSandbox	FortiSandbox versions 3.x antérieures à 3.2.4
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.x antérieures à 9.4.2
Fortinet	FortiSandbox	FortiSandbox versions 4.0.x antérieures à 4.0.3
Fortinet	FortiNAC	FortiNAC-F versions antérieures à 7.2.0
Fortinet	FortiWeb	FortiWeb versions antérieures à 6.3.22
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiDDoS	FortiDDoS-F versions 6.2.x antérieures à 6.2.3
Fortinet	FortiOS	FortiOS versions 6.x antérieures à 6.4.13
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.9
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.11
Fortinet	FortiDDoS	FortiDDoS-F versions 6.1.x antérieures à 6.1.5
Fortinet	FortiDDoS	FortiDDoS-F versions 6.3.x antérieures à 6.3.4
Fortinet	FortiDDoS	FortiDDoS-F versions 6.4.x antérieures à 6.4.1
Fortinet	N/A	FortiPresence versions antérieures à 2.0.0
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.4.1
Fortinet	N/A	FortiAuthenticator versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiAuthenticator versions 6.1.x à 6.3.x antérieures à 6.3.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.1.x antérieures à 4.1.1
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiClientMac versions 6.x à 7.x antérieures à 7.0.8
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet	FortiDDoS	FortiDDoS versions 4.x à 5.x antérieures à 5.7.0
Fortinet	FortiManager	FortiManager versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet	N/A	FortiClientWindows versions 6.x à 7.x antérieures à 7.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-428 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-479 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-502 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-363 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-429 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-186 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-432 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-051 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-056 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-409 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-355 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-060 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-481 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-335 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-050 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-439 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-444 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-320 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-381 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-336 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-275 du 11 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.3.22",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.1.x ant\u00e9rieures \u00e0 6.1.5",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPresence versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.1.x \u00e0 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 4.x \u00e0 5.x ant\u00e9rieures \u00e0 5.7.0",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35850"
    },
    {
      "name": "CVE-2022-40679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40679"
    },
    {
      "name": "CVE-2022-43946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43946"
    },
    {
      "name": "CVE-2022-43952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43952"
    },
    {
      "name": "CVE-2022-27487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27487"
    },
    {
      "name": "CVE-2023-27995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27995"
    },
    {
      "name": "CVE-2023-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
    },
    {
      "name": "CVE-2022-40682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40682"
    },
    {
      "name": "CVE-2022-43947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2023-22642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22642"
    },
    {
      "name": "CVE-2022-27485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27485"
    },
    {
      "name": "CVE-2022-42469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
    },
    {
      "name": "CVE-2022-42470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42470"
    },
    {
      "name": "CVE-2022-43951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43951"
    },
    {
      "name": "CVE-2022-41331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41331"
    },
    {
      "name": "CVE-2022-42477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42477"
    },
    {
      "name": "CVE-2022-41330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
    },
    {
      "name": "CVE-2022-43948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43948"
    },
    {
      "name": "CVE-2022-43955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43955"
    },
    {
      "name": "CVE-2023-22635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22635"
    }
  ],
  "initial_release_date": "2023-04-12T00:00:00",
  "last_revision_date": "2023-04-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-428 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-428"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-479 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-479"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-502 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-502"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-363 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-363"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-429 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-429"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-186 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-186"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-432 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-051 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-056 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-409 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-409"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-355 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-355"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-060 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-060"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-481 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-335 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-335"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-050 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-439 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-444 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-444"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-320 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-320"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-381 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-381"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-336 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-336"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-275 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-275"
    }
  ]
}

CERTFR-2023-AVI-0199

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, un déni de service à distance, une élévation de privilèges, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 6.0.x antérieures à 6.0.5
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.3
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.0
Fortinet	FortiPortal	FortiPortal versions 6.0.x antérieures à 6.0.10
Fortinet	FortiWeb	FortiWeb versions 6.4.x antérieures à 6.4.2
Fortinet	FortiMail	FortiMail versions 6.0.x antérieures à 6.0.10
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.0.x antérieures à 6.0.5
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.7
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.0
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.13
Fortinet	FortiWeb	FortiWeb versions 6.3.x antérieures à 6.3.21
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.2.x antérieures à 6.2.0
Fortinet	FortiMail	FortiMail versions 6.2.x antérieures à 6.2.5
Fortinet	N/A	FortiAuthenticator versions antérieures à 6.5.0
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.4
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.13
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.11
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.9
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.6
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.2.0
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.12
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.10
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet	FortiRecorder	FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet	FortiNAC	FortiNAC versions antérieures à 7.2.0
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.2.0
Fortinet	FortiManager	FortiManager versions antérieures à 6.2.0
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.12
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.12
Fortinet	FortiNAC	FortiNAC versions 9.1.x antérieures à 9.1.9
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.10

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-078 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-447 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-488 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-369 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-477 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-254 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-388 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-401 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-050 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-281 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-001 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-218 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-18-232 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-309 du 07 mars 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-364 du 07 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.21",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29056"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-27490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27490"
    },
    {
      "name": "CVE-2022-41333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41333"
    },
    {
      "name": "CVE-2023-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25611"
    },
    {
      "name": "CVE-2022-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39953"
    },
    {
      "name": "CVE-2023-23776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23776"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2022-22297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22297"
    },
    {
      "name": "CVE-2022-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39951"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2022-40676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40676"
    },
    {
      "name": "CVE-2023-25605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25605"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    }
  ],
  "initial_release_date": "2023-03-08T00:00:00",
  "last_revision_date": "2023-03-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-08T00:00:00.000000"
    },
    {
      "description": "Correction mineure dans la partie r\u00e9sum\u00e9",
      "revision_date": "2023-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eFortinet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de\ncode indirecte \u00e0 distance (XSS), un contournement de la politique de\ns\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-078 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-447 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-488 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-477 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-477"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-254 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-254"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-388 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-388"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-401 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-050 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-281 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-281"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-001 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-218 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-232 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-18-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-309 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-309"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-364 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-364"
    }
  ]
}

CERTFR-2023-AVI-0002

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiADC	FortiADC versions 7.x antérieures à 7.0.2
Fortinet	N/A	FortiTester versions 4.x antérieures à 4.2.1
Fortinet	N/A	FortiTester versions 7.1.x antérieures à 7.1.1
Fortinet	N/A	FortiTester versions 7.2.x antérieures à 7.2.0
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.4
Fortinet	FortiPortal	FortiPortal versions antérieures à 6.0.12
Fortinet	N/A	FortiTester versions antérieures à 3.9.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.0.3
Fortinet	FortiManager	FortiManager versions antérieures à 6.2.9
Fortinet	FortiManager	FortiManager versions antérieures à 6.4.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-250 du 03 janvier 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-371 du 03 janvier 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-274 du 03 janvier 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-313 du 03 janvier 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-061 du 03 janvier 2023	None	vendor-advisory
Bulletin de sécurité Fortinet du 03 janvier 2023	-	other
Bulletin de sécurité Fortinet du 03 janvier 2023	-	other
Bulletin de sécurité Fortinet du 03 janvier 2023	-	other
Bulletin de sécurité Fortinet du 03 janvier 2023	-	other
Bulletin de sécurité Fortinet du 03 janvier 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 7.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45857"
    },
    {
      "name": "CVE-2022-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35845"
    },
    {
      "name": "CVE-2022-39947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39947"
    },
    {
      "name": "CVE-2022-41336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41336"
    }
  ],
  "initial_release_date": "2023-01-04T00:00:00",
  "last_revision_date": "2023-01-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-250"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-371"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-313"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 03 janvier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-274"
    }
  ],
  "reference": "CERTFR-2023-AVI-0002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-250 du 03 janvier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-371 du 03 janvier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-274 du 03 janvier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-313 du 03 janvier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-061 du 03 janvier 2023",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-973

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.3
Fortinet	N/A	FortiClientMac versions 7.0.x antérieures à 7.0.6
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	FortiDeceptor	FortiDeceptor versions 4.1.x antérieures à 4.1.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.1.x antérieures à 7.1.1
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.2.x antérieures à 7.2.0
Fortinet	FortiSOAR	FortiSOAR versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiEDR CollectorWindows versions 5.0.x.x antérieures à 5.0.3.912
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.9
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.3
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester versions 4.2.x antérieures à 4.2.1
Fortinet	N/A	AV engine versions 6.4.x antérieures à 6.4.275
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.2.x antérieures à 4.2.1
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.0
Fortinet	N/A	AV engine versions 6.2.x antérieures à 6.2.169
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiTester versions 3.9.x antérieures à 3.9.2
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.1
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiEDR CollectorWindows versions 5.2.x.x antérieures à 5.2.0.2288
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-331 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-223 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-234 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-314 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-232 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-218 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-066 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-216 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-174 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-074 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-070 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-064 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-246 du 01 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.0.x.x ant\u00e9rieures \u00e0 5.0.3.912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.4.x ant\u00e9rieures \u00e0 6.4.275",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.2.x ant\u00e9rieures \u00e0 6.2.169",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 3.9.x ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.2.x.x ant\u00e9rieures \u00e0 5.2.0.2288",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-26122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26122"
    },
    {
      "name": "CVE-2022-35842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35842"
    },
    {
      "name": "CVE-2022-38374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38374"
    },
    {
      "name": "CVE-2022-38380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38380"
    },
    {
      "name": "CVE-2022-26119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26119"
    },
    {
      "name": "CVE-2022-35851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35851"
    },
    {
      "name": "CVE-2022-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39945"
    },
    {
      "name": "CVE-2022-38373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38373"
    },
    {
      "name": "CVE-2022-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33870"
    },
    {
      "name": "CVE-2022-33878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33878"
    },
    {
      "name": "CVE-2022-30307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30307"
    },
    {
      "name": "CVE-2022-38381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38381"
    },
    {
      "name": "CVE-2022-39950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39950"
    },
    {
      "name": "CVE-2022-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39949"
    },
    {
      "name": "CVE-2022-42473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42473"
    }
  ],
  "initial_release_date": "2022-11-02T00:00:00",
  "last_revision_date": "2022-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-331 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-331"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-223 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-223"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-234 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-234"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-314 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-314"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-232 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-218 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-066 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-066"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-216 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-174 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-174"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-074 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-074"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-070 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-070"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-064 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-246 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-246"
    }
  ]
}

CERTFR-2022-AVI-894

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	N/A	FortiTester versions 4.x antérieures à 4.2.1
Fortinet	N/A	FortiTester versions 7.x antérieures à 7.1.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 2.0.10
Fortinet	FortiOS	FortiOS versions 6.0.x antérieures à 6.0.15 (ces versions sont affectées par la vulnérabilité CVE-2022-29055, il est préférable de migrer vers la version 6.2.11)
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.4
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.0.4
Fortinet	N/A	FortiTester versions antérieures à 3.9.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-086 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-377 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-242 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-237 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-026 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-244 du 10 octobre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-247 du 10 octobre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.15 (ces versions sont affect\u00e9es par la vuln\u00e9rabilit\u00e9 CVE-2022-29055, il est pr\u00e9f\u00e9rable de migrer vers la version 6.2.11)",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-33873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33873"
    },
    {
      "name": "CVE-2022-29055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29055"
    },
    {
      "name": "CVE-2022-40684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40684"
    },
    {
      "name": "CVE-2021-44171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44171"
    },
    {
      "name": "CVE-2022-26121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26121"
    },
    {
      "name": "CVE-2022-35846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35846"
    },
    {
      "name": "CVE-2022-35844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35844"
    }
  ],
  "initial_release_date": "2022-10-11T00:00:00",
  "last_revision_date": "2022-10-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-894",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-086 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-086"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-377 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-377"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-242 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-242"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-237 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-237"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-026 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-026"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-244 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-244"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-247 du 10 octobre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-247"
    }
  ]
}

CERTFR-2022-AVI-800

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.4
Fortinet	N/A	FortiAP-W2 versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-S versions 6.x antérieures à 6.4.8
Fortinet	N/A	FortiAP-W2 versions 7.2.x antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.0.2
Fortinet	N/A	FortiAP versions 7.2.x antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiAP versions 6.x antérieures à 6.4.8
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiAP-U versions antérieures à 6.2.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.6
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.1
Fortinet	FortiADC	FortiADC versions antérieures à 6.2.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.x antérieures à 6.4.9
Fortinet	N/A	FortiAP versions 7.0.x antérieures à 7.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-163 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-215 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-140 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-143 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-073 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-152 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-045 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-156 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-306 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-222 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-158 du 06 septembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-154 du 06 septembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-U versions ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-43080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43080"
    },
    {
      "name": "CVE-2022-29062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29062"
    },
    {
      "name": "CVE-2022-38377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38377"
    },
    {
      "name": "CVE-2022-29058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29058"
    },
    {
      "name": "CVE-2022-30298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30298"
    },
    {
      "name": "CVE-2022-29053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29053"
    },
    {
      "name": "CVE-2021-43076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43076"
    },
    {
      "name": "CVE-2022-29061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29061"
    },
    {
      "name": "CVE-2022-27491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27491"
    },
    {
      "name": "CVE-2022-26114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26114"
    },
    {
      "name": "CVE-2022-35847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35847"
    }
  ],
  "initial_release_date": "2022-09-07T00:00:00",
  "last_revision_date": "2022-09-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-800",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-163 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-163"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-215 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-215"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-140 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-140"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-143 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-073 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-073"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-152 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-045 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-156 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-156"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-306 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-222 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-158 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-158"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-154 du 06 septembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-154"
    }
  ]
}

CVE-2024-48889 (GCVE-0-2024-48889)

Vulnerability from nvd

Published

2024-12-18 12:44

Modified

2025-08-27 21:26

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U

CWE

CWE-78 - Execute unauthorized code or commands

Summary

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-425

Impacted products

	Vendor	Product	Version
	Fortinet	FortiManager	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.3 ≤ 7.2.7 Version: 7.0.5 ≤ 7.0.12 Version: 6.4.10 ≤ 6.4.14 cpe:2.3:o:fortinet:fortimanager:7.6.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T04:55:50.284489Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:26:21.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.10",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T12:44:38.675Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-48889",
    "datePublished": "2024-12-18T12:44:38.675Z",
    "dateReserved": "2024-10-09T09:03:09.962Z",
    "dateUpdated": "2025-08-27T21:26:21.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47575 (GCVE-0-2024-47575)

Vulnerability from nvd

Published

2024-10-23 15:03

Modified

2025-10-21 22:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

CWE

CWE-306 - Execute unauthorized code or commands

Summary

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Impacted products

	Vendor	Product	Version
	Fortinet	FortiManager	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.12 cpe:2.3:o:fortinet:fortimanager:7.6.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47575",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T18:32:16.885929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:42.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-23T00:00:00+00:00",
            "value": "CVE-2024-47575 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T07:41:45.283Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47575",
    "datePublished": "2024-10-23T15:03:48.798Z",
    "dateReserved": "2024-09-27T16:19:24.137Z",
    "dateUpdated": "2025-10-21T22:55:42.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2024-ALE-014

Vulnerability from certfr_alerte

[Mise à jour du 14 janvier 2025] Publication des correctifs

Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566 qui correspond à la vulnérabilité de type jour-zéro pour laquelle une preuve de concept a été publiée en novembre 2024. Des correctifs de sécurité sont désormais disponibles et doivent être appliqués.

[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro non couverte par le correctif FG-IR-24-423.

Le 14 novembre 2024, le CERT-FR a pris connaissance d'une preuve de concept publique permettant l'exploitation d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.

Cette vulnérabilité permet à un attaquant contrôlant un équipement FortiGate enregistré de prendre le contrôle de l'équipement FortiManager associé, même sur les versions les plus à jour. Un attaquant peut donc, depuis un équipement FortiGate compromis, se latéraliser vers un équipement FortiManager puis vers d'autres équipements FortiGate même si ces derniers ne sont pas exposés sur Internet et qu'ils bénéficient des derniers correctifs de sécurité.

[Publication initiale]

Une vulnérabilité a été découverte dans Fortinet FortiManager. Elle permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.

Fortinet indique que la vulnérabilité CVE-2024-47575 est activement exploitée. L'éditeur précise qu'en exploitant cette vulnérabilité, un attaquant est en mesure d'exfiltrer des données contenant des adresses IP, des secrets et des configurations des équipements gérés par le FortiManager.

Mesures de contournement

L'éditeur propose plusieurs mesures de contournement si la mise à jour est impossible dans l'immédiat. Celles-ci varient en fonction de la version de l'équipement et peuvent entraîner des effets de bord voire être contournées dans certaines situations.

Solutions

[Mise à jour du 14 janvier 2025] Publication des correctifs

Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566. Les mises à jour de sécurité sont disponibles et doivent être appliquées. Veuillez-vous référer à l'avis éditeur (FG-IR-24-463) pour la liste des versions correctives.

[Mise à jour du 24 octobre 2024] Précisions relatives aux recommandations du CERT-FR.

Le CERT-FR n'exclut pas la possibilité d'exploitations réalisées dans les mois précédant la publication de l'avis de l'éditeur. Il est donc nécessaire de chercher les indicateurs de compromissions mis à disposition par l'éditeur sur une période de temps correspondante. Le CERT-FR recommande également de faire une recherche en utilisant les indicateurs détaillés dans le billet de blogue de Mandiant [4]. Note : Ces indicateurs n'ont pas été qualifiés par le CERT-FR.

Des risques d'exploitation depuis l'intérieur du système d'information via un équipement préalablement compromis, ou un relais applicatif, sont possibles. Le CERT-FR recommande donc d'effectuer une recherche de compromission sur les équipements non-exposés sur Internet.

En cas de compromission ou de suspicion de compromission: * signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier ; * rechercher toutes traces de latéralisation sur le reste du système d’information, notamment : * en cherchant les connexions ou tentatives de connexion vers Internet depuis l'équipement compromis ; * puis en cherchant ces adresses IP de destination pour vérifier si d’autres machines ont tenté une connexion ; * en identifiant l'ensemble des équipement Fortinet gérés par le FortiManager puis en examinant leurs journaux.

[Publication initiale] Des versions correctives sont disponibles pour la majorité des versions impactées. Le CERT-FR recommande l'application des mises à jour de sécurité dans les plus brefs délais. Pour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l'éditeur indique de mettre à jour vers la version 7.4.5 ou ultérieure.

Fortinet met à disposition différents indicateurs de compromission dans son avis de sécurité.

En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information [1], ainsi que les fiches réflexe sur la compromission système [2] [3].

L'éditeur propose, dans son bulletin, des méthodes de remédiation. Néanmoins, le CERT-FR recommande tout d'abord d'isoler les équipements compromis du réseau et de réaliser un gel de données (instantané pour les machines virtuelles, isolement de l’équipement s’il s’agit d’une machine physique) à des fins d’investigations approfondies.

[Mise à jour du 14 janvier 2025] Publication des correctifs

L'éditeur a publié des correctifs pour la vulnérabilité de type jour-zéro désormais identifiée en tant que CVE-2024-50566. La liste des systèmes affectés a été mise à jour.

[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro

Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.

[Mise à jour du 24 octobre 2024]Mise à jour des systèmes affectés

L'éditeur a indiqué avoir publié de nouvelles versions correctives pour FortiManager Cloud. Fortinet précise que certains équipements FortiAnalyser sont également affectés. L'identification de ces équipements est précisée dans le bulletin éditeur.

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer modèles 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalité FortiManager
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.13
Fortinet	FortiManager	FortiManager Cloud versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiManager	FortiManager Cloud versions 6.4.x à 7.0.x antérieures à 7.0.13

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-463	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-423	2024-10-23	vendor-advisory
Avis CERTFR-2025-AVI-0030 du 14 janvier 2025	-	other
[4] Billet de blogue de Mandiant du 24 octobre 2024	-	other
[3] Fiche réflexe Compromission système - Endiguement	-	other
[1] Les bons réflexes en cas d’intrusion sur un système d’information	-	other
[2] Fiche réflexe Compromission système - Qualification	-	other
Avis CERTFR-2024-AVI-0917 du 23 octobre 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer mod\u00e8les 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalit\u00e9 FortiManager",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 6.4.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 des correctifs pour la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro d\u00e9sormais identifi\u00e9e en tant que CVE-2024-50566. La liste des syst\u00e8mes affect\u00e9s a \u00e9t\u00e9 mise \u00e0 jour.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro\n\nLe CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\n**[Mise \u00e0 jour du 24 octobre 2024]Mise \u00e0 jour des syst\u00e8mes affect\u00e9s**\n\nL\u0027\u00e9diteur a indiqu\u00e9 avoir publi\u00e9 de nouvelles versions correctives pour FortiManager Cloud. Fortinet pr\u00e9cise que certains \u00e9quipements FortiAnalyser sont \u00e9galement affect\u00e9s. L\u0027identification de ces \u00e9quipements est pr\u00e9cis\u00e9e dans le bulletin \u00e9diteur. ",
  "closed_at": "2025-03-31",
  "content": "##\u00a0Mesures de contournement\n\nL\u0027\u00e9diteur propose plusieurs mesures de contournement si la mise \u00e0 jour est impossible dans l\u0027imm\u00e9diat. Celles-ci varient en fonction de la version de l\u0027\u00e9quipement et peuvent entra\u00eener des effets de bord voire \u00eatre contourn\u00e9es dans certaines situations.\n\n## Solutions\n\n**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566. Les mises \u00e0 jour de s\u00e9curit\u00e9 sont disponibles et doivent \u00eatre appliqu\u00e9es. Veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur (FG-IR-24-463) pour la liste des versions correctives.\n\n**[Mise \u00e0 jour du 24 octobre 2024] Pr\u00e9cisions relatives aux recommandations du CERT-FR.**\n\nLe CERT-FR n\u0027exclut pas la possibilit\u00e9 d\u0027exploitations r\u00e9alis\u00e9es dans les mois pr\u00e9c\u00e9dant la publication de l\u0027avis de l\u0027\u00e9diteur. Il est donc n\u00e9cessaire de chercher les indicateurs de compromissions mis \u00e0 disposition par l\u0027\u00e9diteur sur une p\u00e9riode de temps correspondante. Le CERT-FR recommande \u00e9galement de faire une recherche en utilisant les indicateurs d\u00e9taill\u00e9s dans le billet de blogue de Mandiant [4]. *Note : Ces indicateurs n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.*\n\nDes risques d\u0027exploitation depuis l\u0027int\u00e9rieur du syst\u00e8me d\u0027information via un \u00e9quipement pr\u00e9alablement compromis, ou un relais applicatif, sont possibles. Le CERT-FR recommande donc d\u0027effectuer une recherche de compromission sur les \u00e9quipements non-expos\u00e9s sur Internet.\n\n\nEn cas de compromission ou de suspicion de compromission: \n* signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier ;\n* rechercher toutes traces de lat\u00e9ralisation sur le reste du syst\u00e8me d\u2019information, notamment :\n    * en cherchant les connexions ou tentatives de connexion vers Internet depuis l\u0027\u00e9quipement compromis ;\n    * puis en cherchant ces adresses IP de destination pour v\u00e9rifier si d\u2019autres machines ont tent\u00e9 une connexion ; \n    * en identifiant l\u0027ensemble des \u00e9quipement Fortinet g\u00e9r\u00e9s par le FortiManager puis en examinant leurs journaux.\n\n**[Publication initiale]**\nDes versions correctives sont disponibles pour la majorit\u00e9 des versions impact\u00e9es. Le CERT-FR recommande l\u0027application des mises \u00e0 jour de s\u00e9curit\u00e9 dans les plus brefs d\u00e9lais.\nPour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l\u0027\u00e9diteur indique de mettre \u00e0 jour vers la version 7.4.5 ou ult\u00e9rieure. \n\nFortinet met \u00e0 disposition diff\u00e9rents indicateurs de compromission dans son avis de s\u00e9curit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les [bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information](https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/) [1], ainsi que les fiches r\u00e9flexe sur la compromission syst\u00e8me [2] [3].\n\nL\u0027\u00e9diteur propose, dans son bulletin, des m\u00e9thodes de rem\u00e9diation. N\u00e9anmoins, le CERT-FR recommande tout d\u0027abord d\u0027isoler les \u00e9quipements compromis du r\u00e9seau et de r\u00e9aliser un gel de donn\u00e9es (instantan\u00e9 pour les machines virtuelles, isolement de l\u2019\u00e9quipement s\u2019il s\u2019agit d\u2019une machine physique) \u00e0 des fins d\u2019investigations approfondies. ",
  "cves": [
    {
      "name": "CVE-2024-50566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
    },
    {
      "name": "CVE-2024-47575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47575"
    }
  ],
  "initial_release_date": "2024-10-30T00:00:00",
  "last_revision_date": "2025-03-31T00:00:00",
  "links": [
    {
      "title": "Avis CERTFR-2025-AVI-0030 du 14 janvier 2025",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0030/"
    },
    {
      "title": "[4] Billet de blogue de Mandiant du 24 octobre 2024",
      "url": "https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575?hl=en"
    },
    {
      "title": "[3] Fiche r\u00e9flexe Compromission syst\u00e8me - Endiguement",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-006/"
    },
    {
      "title": "[1] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
      "url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
    },
    {
      "title": "[2]\u00a0Fiche r\u00e9flexe Compromission syst\u00e8me - Qualification",
      "url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-005/"
    },
    {
      "title": "Avis CERTFR-2024-AVI-0917 du 23 octobre 2024",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0917"
    }
  ],
  "reference": "CERTFR-2024-ALE-014",
  "revisions": [
    {
      "description": "Mise \u00e0 jour concernant la disponibilit\u00e9 de correctifs",
      "revision_date": "2024-10-30T00:00:00.000000"
    },
    {
      "description": "Reformulation",
      "revision_date": "2024-11-21T00:00:00.000000"
    },
    {
      "description": "Publication des correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-50566",
      "revision_date": "2025-01-14T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des syst\u00e8mes affect\u00e9s et des recommandations du CERT-FR",
      "revision_date": "2024-10-24T00:00:00.000000"
    },
    {
      "description": "Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro permettant de contourner partiellement le correctif FG-IR-24-423.",
      "revision_date": "2024-11-15T00:00:00.000000"
    },
    {
      "description": "    Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2025-03-31T00:00:00.000000"
    },
    {
      "description": "Version initiale",
      "revision_date": "2024-10-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566 qui correspond \u00e0 la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro pour laquelle une preuve de concept a \u00e9t\u00e9 publi\u00e9e en novembre 2024. Des correctifs de s\u00e9curit\u00e9 sont d\u00e9sormais disponibles et doivent \u00eatre appliqu\u00e9s.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro non couverte par le correctif FG-IR-24-423.\n\nLe 14 novembre 2024, le CERT-FR a pris connaissance d\u0027une preuve de concept publique permettant l\u0027exploitation d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\u003c/span\u003e\n\u003c/br\u003e\u003c/br\u003e\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant contr\u00f4lant un \u00e9quipement FortiGate enregistr\u00e9 de prendre le contr\u00f4le de l\u0027\u00e9quipement FortiManager associ\u00e9, m\u00eame sur les versions les plus \u00e0 jour. Un attaquant peut donc, depuis un \u00e9quipement FortiGate compromis, se lat\u00e9raliser vers un \u00e9quipement FortiManager puis vers d\u0027autres \u00e9quipements FortiGate m\u00eame si ces derniers ne sont pas expos\u00e9s sur Internet et qu\u0027ils b\u00e9n\u00e9ficient des derniers correctifs de s\u00e9curit\u00e9.\n\u003c/span\u003e\n\n**[Publication initiale]**\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiManager. Elle permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-47575 est activement exploit\u00e9e. L\u0027\u00e9diteur pr\u00e9cise qu\u0027en exploitant cette vuln\u00e9rabilit\u00e9, un attaquant est en mesure d\u0027exfiltrer des donn\u00e9es contenant des adresses IP, des secrets et des configurations des \u00e9quipements g\u00e9r\u00e9s par le FortiManager. ",
  "title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiManager",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
    },
    {
      "published_at": "2024-10-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-423",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-423"
    }
  ]
}

CVE-2024-47575 (GCVE-0-2024-47575)

Vulnerability from cvelistv5

Published

2024-10-23 15:03

Modified

2025-10-21 22:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

CWE

CWE-306 - Execute unauthorized code or commands

Summary

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Impacted products

	Vendor	Product	Version
	Fortinet	FortiManager	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.12 cpe:2.3:o:fortinet:fortimanager:7.6.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47575",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T18:32:16.885929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:42.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-23T00:00:00+00:00",
            "value": "CVE-2024-47575 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T07:41:45.283Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47575",
    "datePublished": "2024-10-23T15:03:48.798Z",
    "dateReserved": "2024-09-27T16:19:24.137Z",
    "dateUpdated": "2025-10-21T22:55:42.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Refine your search

50 vulnerabilities found for FortiManager by Fortinet

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Contournement provisoire

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

CVE-2024-48889 (GCVE-0-2024-48889)

Vulnerability from nvd

CVE-2024-47575 (GCVE-0-2024-47575)

Vulnerability from nvd

Vulnerability from certfr_alerte

Mesures de contournement

Solutions

CVE-2024-47575 (GCVE-0-2024-47575)

Vulnerability from cvelistv5