Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

CERTFR-2025-AVI-1023

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Fortinet indique que la vulnérabilité CVE-2025-58034 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.8
Fortinet	FortiOS	FortiOS versions antérieures à 7.6.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiExtender versions antérieures à 7.4.8
Fortinet	FortiSASE	FortiSASE versions antérieures à 25.3.c
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.2.11
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.8
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.2
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.6 (à venir)
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.6.1
Fortinet	FortiADC	FortiADC versions 7.6.x antérieures à 7.6.4
Fortinet	FortiWeb	FortiWeb versions 8.0.x antérieures à 8.0.2
Fortinet	FortiADC	FortiADC versions 8.0.x antérieures à 8.0.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.6.4
Fortinet	N/A	FortiExtender versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSandbox	FortiSandbox versions à 4.4.8
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-259	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-125	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-112	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-358	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-686	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-513	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-789	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-632	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-501	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-545	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-634	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-736	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-844	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-251	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-666	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-843	2025-11-18	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-225	2025-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSASE versions ant\u00e9rieures \u00e0 25.3.c",
      "product": {
        "name": "FortiSASE",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.6 (\u00e0 venir)",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.6.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 8.0.x ant\u00e9rieures \u00e0 8.0.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 8.0.x ant\u00e9rieures \u00e0 8.0.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions \u00e0 4.4.8",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-46215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46215"
    },
    {
      "name": "CVE-2025-58412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58412"
    },
    {
      "name": "CVE-2025-54821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54821"
    },
    {
      "name": "CVE-2025-46776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46776"
    },
    {
      "name": "CVE-2025-46775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46775"
    },
    {
      "name": "CVE-2025-59669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59669"
    },
    {
      "name": "CVE-2025-54660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54660"
    },
    {
      "name": "CVE-2025-47761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47761"
    },
    {
      "name": "CVE-2025-48839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48839"
    },
    {
      "name": "CVE-2025-53843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53843"
    },
    {
      "name": "CVE-2025-61713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61713"
    },
    {
      "name": "CVE-2025-54971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54971"
    },
    {
      "name": "CVE-2025-58692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58692"
    },
    {
      "name": "CVE-2025-54972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54972"
    },
    {
      "name": "CVE-2025-58413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58413"
    },
    {
      "name": "CVE-2025-58034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58034"
    },
    {
      "name": "CVE-2025-46373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46373"
    }
  ],
  "initial_release_date": "2025-11-19T00:00:00",
  "last_revision_date": "2025-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1023",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-58034 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-259"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-125",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-125"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-112",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-112"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-358",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-358"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-686",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-686"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-513"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-789",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-789"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-632",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-632"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-501"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-545",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-545"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-634",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-634"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-736",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-736"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-844",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-844"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-251",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-251"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-666",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-666"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-843",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-843"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-225",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-225"
    }
  ]
}

CERTFR-2025-AVI-0871

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiDLP	FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet	FortiADC	FortiADC toutes versions 6.2.x et 7.0.x
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiTester	FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 6.0.7 à 6.0.12
Fortinet	FortiClient	FortiClientMac toutes versions 7.0.x
Fortinet	FortiSOAR	FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet	FortiPAM	FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet	FortiSRA	FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet	FortiWeb	FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiDLP	FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet	FortiManager	FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet	FortiNDR	FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet	FortiManager	FortiManager Cloud toutes versions 6.4.x
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSRA	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet	FortiClient	FortiClientWindows toutes versions 7.0.x
Fortinet	FortiIsolator	FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet	FortiTester	FortiTester version 7.4 antérieures à 7.4.3
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiOS	FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiIsolator	FortiIsolator toutes versions 2.3.x
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet	FortiProxy	FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet	FortiManager	FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-372	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0679

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.8
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.5.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.8
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiCamera	FortiCamera versions 2.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.9
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.10
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.2
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.6
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.7.10
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.4
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.0.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.2
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiSOAR	FortiSOAR versions 7.6.x antérieures à 7.6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-501	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-421	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-173	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-152	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-042	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-150	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-383	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-364	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-253	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-309	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-513	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-448	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-473	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-209	2025-08-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions 2.1.x toutes versions",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
    },
    {
      "name": "CVE-2025-47857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
    },
    {
      "name": "CVE-2025-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
    },
    {
      "name": "CVE-2024-48892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
    },
    {
      "name": "CVE-2025-53744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
    },
    {
      "name": "CVE-2024-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
    },
    {
      "name": "CVE-2025-49813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
    },
    {
      "name": "CVE-2025-25256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
    },
    {
      "name": "CVE-2025-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
    },
    {
      "name": "CVE-2025-27759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
    },
    {
      "name": "CVE-2025-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
    },
    {
      "name": "CVE-2024-26009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
    },
    {
      "name": "CVE-2024-40588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
    },
    {
      "name": "CVE-2023-45584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
    }
  ],
  "initial_release_date": "2025-08-13T00:00:00",
  "last_revision_date": "2025-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
    }
  ]
}

CERTFR-2025-AVI-0496

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.9
Fortinet	FortiProxy	FortiProxy toutes versions 7.2.x
Fortinet	FortiProxy	FortiProxy toutes versions 1.1.x
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.2
Fortinet	FortiADC	FortiADC toutes versions 7.0.x
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.2
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet	FortiClient	FortiClientEMS versions 7.2.x antérieures à 7.2.7
Fortinet	FortiOS	FortiOS toutes versions 6.4.x
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiProxy	FortiProxy toutes versions 1.2.x
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.8
Fortinet	FortiOS	FortiOS toutes versions 7.0.x
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.7
Fortinet	FortiOS	FortiOS toutes versions 6.2.x
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.3
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientWindows toutes versions 7.0.x
Fortinet	FortiClient	FortiClientEMS toutes versions 6.4.x
Fortinet	FortiOS	FortiOS toutes versions 7.2.x
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.7
Fortinet	FortiADC	FortiADC toutes versions 6.2.x
Fortinet	FortiPAM	FortiPAM versions 1.3.x antérieures à 1.3.1
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet	FortiSRA	FortiSRA versions 1.4.x antérieures à 1.4.2
Fortinet	FortiProxy	FortiProxy toutes versions 2.0.x
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet	FortiADC	FortiADC toutes versions 6.1.x
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.8
Fortinet	FortiProxy	FortiProxy toutes versions 7.0.x
Fortinet	FortiADC	FortiADC versions 7.6.x antérieures à 7.6.2
Fortinet	FortiPAM	FortiPAM versions 1.2.x antérieures à 1.2.1
Fortinet	FortiClient	FortiClientEMS toutes versions 6.2.x
Fortinet	FortiPAM	FortiPAM versions 1.0.x antérieures à 1.0.4
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-385	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-274	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-257	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-099	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-375	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-058	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-008	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-006	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-287	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-342	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-008	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-544	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-339	2025-06-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-365	2025-06-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 7.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.1.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 7.0.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.2.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 6.4.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 7.2.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.3.x ant\u00e9rieures \u00e0 1.3.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 2.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.1.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 7.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.2.x ant\u00e9rieures \u00e0 1.2.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS toutes versions 6.2.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.0.x ant\u00e9rieures \u00e0 1.0.4",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-32119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32119"
    },
    {
      "name": "CVE-2023-48786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48786"
    },
    {
      "name": "CVE-2024-50562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50562"
    },
    {
      "name": "CVE-2025-22256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22256"
    },
    {
      "name": "CVE-2023-29184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29184"
    },
    {
      "name": "CVE-2024-54019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54019"
    },
    {
      "name": "CVE-2025-24471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24471"
    },
    {
      "name": "CVE-2025-31104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31104"
    },
    {
      "name": "CVE-2024-45329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45329"
    },
    {
      "name": "CVE-2024-50568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50568"
    },
    {
      "name": "CVE-2025-25250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25250"
    },
    {
      "name": "CVE-2025-22251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22251"
    },
    {
      "name": "CVE-2025-22254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22254"
    },
    {
      "name": "CVE-2025-22862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22862"
    }
  ],
  "initial_release_date": "2025-06-11T00:00:00",
  "last_revision_date": "2025-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0496",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-385",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-385"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-274",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-274"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-257",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-257"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-099",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-099"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-375",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-375"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-058",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-058"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-008",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-008"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-006",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-006"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-287",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-287"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-342",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-342"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-008",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-008"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-544",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-544"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-339",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-339"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-365",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-365"
    }
  ]
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "initial_release_date": "2025-03-12T00:00:00",
  "last_revision_date": "2025-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

CERTFR-2025-AVI-0120

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.2.0
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.14
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.3
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.3
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.7
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.1
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.10
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.8
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiClient	FortiClientMac versions 7.0.x antérieures à 7.0.13
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.2.6
Fortinet	FortiClient	FortiClientWindows versions 7.0.x antérieures à 7.0.14

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-438	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-220	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-261	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-324	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-094	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-302	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-160	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-300	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-147	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-063	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-279	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-311	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-422	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-015	2025-02-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
    },
    {
      "name": "CVE-2024-40586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
    },
    {
      "name": "CVE-2024-50569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
    },
    {
      "name": "CVE-2023-40721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
    },
    {
      "name": "CVE-2024-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
    },
    {
      "name": "CVE-2024-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
    },
    {
      "name": "CVE-2024-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
    },
    {
      "name": "CVE-2024-36508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
    },
    {
      "name": "CVE-2024-40585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
    },
    {
      "name": "CVE-2025-24470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
    },
    {
      "name": "CVE-2024-35279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
    },
    {
      "name": "CVE-2024-40591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
    },
    {
      "name": "CVE-2024-33504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
    },
    {
      "name": "CVE-2024-40584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
    },
    {
      "name": "CVE-2024-52966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
    }
  ],
  "initial_release_date": "2025-02-12T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
    }
  ]
}

CERTFR-2024-AVI-0979

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions antérieures à 7.0.9
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.4
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager Cloud toutes versions
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.2.10
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.2.7
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.4.3
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.3
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager versions antérieures à 7.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.4
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.0.13
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.5
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.9
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-396	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-022	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-115	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-033	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-116	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-180	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-199	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-475	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-144	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-125	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-179	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-099	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-267	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-155	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-205	2024-11-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-032	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-448	2024-11-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-098	2024-11-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-36509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36509"
    },
    {
      "name": "CVE-2023-47543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47543"
    },
    {
      "name": "CVE-2024-26011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26011"
    },
    {
      "name": "CVE-2024-33505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33505"
    },
    {
      "name": "CVE-2023-50176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50176"
    },
    {
      "name": "CVE-2024-40592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40592"
    },
    {
      "name": "CVE-2024-31496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31496"
    },
    {
      "name": "CVE-2024-32117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32117"
    },
    {
      "name": "CVE-2023-44255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44255"
    },
    {
      "name": "CVE-2024-36507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36507"
    },
    {
      "name": "CVE-2024-36513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36513"
    },
    {
      "name": "CVE-2024-47574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47574"
    },
    {
      "name": "CVE-2024-23666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23666"
    },
    {
      "name": "CVE-2024-40590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40590"
    },
    {
      "name": "CVE-2024-32116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32116"
    },
    {
      "name": "CVE-2024-35274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35274"
    },
    {
      "name": "CVE-2024-32118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32118"
    },
    {
      "name": "CVE-2024-33510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33510"
    }
  ],
  "initial_release_date": "2024-11-13T00:00:00",
  "last_revision_date": "2024-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0979",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-396",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-396"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-022"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-115"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-033",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-033"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-116",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-116"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-180",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-180"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-199",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-199"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-475",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-475"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-144",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-144"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-125",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-125"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-179",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-179"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-099",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-099"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-267"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-155",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-155"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-205",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-205"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-032",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-032"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-448"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-098",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-098"
    }
  ]
}

CERTFR-2024-AVI-0677

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.x antérieures à 7.2.2
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4
Fortinet	FortiDDoS	FortiDDoS versions 5.7.x antérieures à 5.7.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.11
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.11
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.15
Fortinet	FortiDDoS	FortiDDoS-F versions 6.5.x antérieures à 6.5.1
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.5
Fortinet	FortiDDoS	FortiDDoS-F versions 6.x antérieures à 6.4.2
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-088	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-445	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-467	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-255	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-047	2024-08-13	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-012	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 5.7.x ant\u00e9rieures \u00e0 5.7.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.6.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-21757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21757"
    },
    {
      "name": "CVE-2023-26211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26211"
    },
    {
      "name": "CVE-2024-36505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36505"
    },
    {
      "name": "CVE-2022-45862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45862"
    },
    {
      "name": "CVE-2022-27486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27486"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0677",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-088",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-088"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-445",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-445"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-467",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-467"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-255",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-255"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-047",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-047"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-012",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-012"
    }
  ]
}

CERTFR-2024-AVI-0484

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS 6.4 toutes versions
Fortinet	FortiOS	FortiOS 6.4 versions antérieures à 6.4.15
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	FortiPAM	FortiPAM 1.0 toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.x antérieures à 7.0.7
Fortinet	FortiOS	FortiOS 6.2 toutes versions
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiOS	FortiOS 6.2 versions antérieures à 6.2.16
Fortinet	FortiPAM	FortiPAM 1.2 toutes versions
Fortinet	N/A	FortiClientWindows (IPsec VPN) sans le correctif de sécurité à venir
Fortinet	FortiOS	FortiOS versions 7.x antérieures à 7.4.4
Fortinet	FortiOS	FortiOS 6.0 toutes versions
Fortinet	N/A	FortiClientLinux toutes versions sans le correctif de sécurité à venir
Fortinet	FortiSOAR	FortiSOAR versions 7.x antérieures à 7.2.1
Fortinet	N/A	FortiClientWindows (SSL-VPN) toutes versions sans l'utilisation d'un tunnel complet avec 'exclusive-routing' activé
Fortinet	N/A	FortiClientMac toutes versions sans le correctif de sécurité à venir
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiPAM	FortiPAM 1.1 toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-495	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-170	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-036	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-471	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-128	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-460	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-423	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-356	2024-06-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS 6.4 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4 versions ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2 versions ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.2 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows (IPsec VPN) sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux toutes versions sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows (SSL-VPN) toutes versions sans l\u0027utilisation d\u0027un tunnel complet avec \u0027exclusive-routing\u0027 activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.1 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-23111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23111"
    },
    {
      "name": "CVE-2024-23110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23110"
    },
    {
      "name": "CVE-2024-31495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31495"
    },
    {
      "name": "CVE-2024-26010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26010"
    },
    {
      "name": "CVE-2023-46720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46720"
    },
    {
      "name": "CVE-2024-21754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21754"
    },
    {
      "name": "CVE-2023-23775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23775"
    },
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2024-06-12T00:00:00",
  "last_revision_date": "2024-06-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0484",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-495",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-495"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-170"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-036",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-036"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-471",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-471"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-128",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-128"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-460",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-460"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-423",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-423"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-356",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-356"
    }
  ]
}

CERTFR-2024-AVI-0404

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance, une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy 7.0.x versions antérieures à 7.0.14
Fortinet	FortiProxy	FortiProxy 7.4.x versions antérieures à 7.4.2
Fortinet	N/A	FortiWebManager 6.0.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.0.x toutes versions pour la vulnérabilité CVE-2024-23665
Fortinet	FortiNAC	FortiNAC 8.7.x toutes versions
Fortinet	FortiNAC	FortiNAC 8.8.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.2.x versions antérieures à 7.2.8
Fortinet	FortiSOAR	FortiSOAR 7.0.x toutes versions
Fortinet	N/A	FortiAuthenticator 6.6.x versions antérieures à 6.6.1
Fortinet	FortiSOAR	FortiSOAR cyops Connector versions antérieures à 2.1.0
Fortinet	FortiNAC	FortiNAC 9.4.x versions antérieures à 9.4.5
Fortinet	FortiProxy	FortiProxy 7.2.x versions antérieures à 7.2.8
Fortinet	FortiOS	FortiOS 6.4.x toutes versions
Fortinet	FortiADC	FortiADC 6.2.x toutes versions
Fortinet	FortiOS	FortiOS 6.0.x toutes versions
Fortinet	FortiADC	FortiADC 7.4.x versions antérieures à 7.4.2
Fortinet	FortiSwitchManager	FortiSwitchManager 7.0.x versions antérieures à 7.0.3
Fortinet	FortiADC	FortiADC 7.0.x toutes versions
Fortinet	FortiNAC	FortiNAC 9.2.x toutes versions
Fortinet	FortiOS	FortiOS 6.2.x toutes versions
Fortinet	N/A	FortiAuthenticator 6.4.x toutes versions
Fortinet	FortiOS	FortiOS 7.0.x versions antérieures à 7.0.13
Fortinet	FortiPortal	FortiPortal 7.0.x versions antérieures à 7.0.7
Fortinet	FortiADC	FortiADC 7.1.x toutes versions
Fortinet	FortiWeb	FortiWeb 6.3.x toutes versions
Fortinet	FortiSOAR	FortiSOAR 7.3.x versions antérieures à 7.3.1
Fortinet	FortiPAM	FortiPAM 1.1.x versions antérieures à 1.1.1
Fortinet	FortiSOAR	FortiSOAR 7.2.x toutes versions
Fortinet	FortiProxy	FortiProxy 1.1.x toutes versions
Fortinet	FortiSandbox	FortiSandbox 4.4.x versions antérieures à 4.4.5
Fortinet	N/A	FortiVoice 7.0.x versions antérieures à 7.0.2
Fortinet	FortiProxy	FortiProxy 1.2.x toutes versions
Fortinet	N/A	FortiWebManager 7.0.x versions antérieures à 7.0.5
Fortinet	N/A	FortiWebManager 6.3.x versions antérieures à 6.3.1
Fortinet	FortiProxy	FortiProxy 2.0.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.0.x versions antérieures à 7.0.9
Fortinet	FortiWeb	FortiWeb 7.4.x versions antérieures à 7.4.3
Fortinet	N/A	FortiWebManager 6.2.x versions antérieures à 6.2.5
Fortinet	N/A	FortiVoice 6.0.x toutes versions
Fortinet	N/A	FortiWebManager 7.2.x versions antérieures à 7.2.1
Fortinet	FortiWeb	FortiWeb 6.4.x toutes versions
Fortinet	FortiOS	FortiOS 7.0 toutes versions pour les vulnérabilités CVE-2023-36640 et CVE-2023-45583
Fortinet	FortiPAM	FortiPAM 1.0.x toutes versions
Fortinet	FortiOS	FortiOS 7.2.x versions antérieures à 7.2.8
Fortinet	FortiSandbox	FortiSandbox 4.2.x versions antérieures à 4.2.7
Fortinet	FortiPortal	FortiPortal 7.2.x versions antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC 9.1.x toutes versions
Fortinet	FortiPortal	FortiPortal 6.0.x versions antérieures à 6.0.15
Fortinet	N/A	FortiVoice 6.4.x versions antérieures à 6.4.9
Fortinet	N/A	FortiAuthenticator 6.5.x versions antérieures à 6.5.4
Fortinet	FortiADC	FortiADC 7.2.x versions antérieures à 7.2.4
Fortinet	FortiOS	FortiOS 7.4.x versions antérieures à 7.4.2
Fortinet	FortiSwitchManager	FortiSwitchManager 7.2.x versions antérieures à 7.2.3
Fortinet	FortiNAC	FortiNAC 7.2.x versions antérieures à 7.2.4
Fortinet	FortiProxy	FortiProxy 1.0.x toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-225 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-040 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-282 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-406 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-137 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-222 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-052 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-474 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-195 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-433 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-021 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-420 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-054 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-465 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-415 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-191 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-017 du 14 mai 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-120 du 14 mai 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy 7.0.x versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWebManager 6.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-23665",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 8.7.x toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 8.8.x toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR 7.0.x toutes versions",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator 6.6.x versions ant\u00e9rieures \u00e0 6.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR cyops Connector versions ant\u00e9rieures \u00e0 2.1.0",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 9.4.x versions ant\u00e9rieures \u00e0 9.4.5",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.2.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 9.2.x toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator 6.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0.x versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal 7.0.x versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.3.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR 7.3.x versions ant\u00e9rieures \u00e0 7.3.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.1.x versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR 7.2.x toutes versions",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.1.x toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.4.x versions ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice 7.0.x versions ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.2.x toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWebManager 7.0.x versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWebManager 6.3.x versions ant\u00e9rieures \u00e0 6.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 2.0.x toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.4.x versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWebManager 6.2.x versions ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice 6.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWebManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.4.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0 toutes versions pour les vuln\u00e9rabilit\u00e9s CVE-2023-36640 et CVE-2023-45583",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0.x toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.2.x versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2.x versions ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal 7.2.x versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 9.1.x toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal 6.0.x versions ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice 6.4.x versions ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator 6.5.x versions ant\u00e9rieures \u00e0 6.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.4.x versions ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager 7.2.x versions ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 7.2.x versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.0.x toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-26007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26007"
    },
    {
      "name": "CVE-2024-27316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
    },
    {
      "name": "CVE-2023-40720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40720"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2023-48789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48789"
    },
    {
      "name": "CVE-2024-21760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21760"
    },
    {
      "name": "CVE-2023-44247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44247"
    },
    {
      "name": "CVE-2024-31493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31493"
    },
    {
      "name": "CVE-2024-23664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23664"
    },
    {
      "name": "CVE-2023-50180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50180"
    },
    {
      "name": "CVE-2024-23670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23670"
    },
    {
      "name": "CVE-2024-3302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3302"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2023-45583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45583"
    },
    {
      "name": "CVE-2024-31488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31488"
    },
    {
      "name": "CVE-2023-46714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46714"
    },
    {
      "name": "CVE-2024-23667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23667"
    },
    {
      "name": "CVE-2024-23107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23107"
    },
    {
      "name": "CVE-2024-23105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23105"
    },
    {
      "name": "CVE-2024-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
    },
    {
      "name": "CVE-2023-45586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45586"
    },
    {
      "name": "CVE-2024-23668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23668"
    },
    {
      "name": "CVE-2023-36640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36640"
    },
    {
      "name": "CVE-2024-31491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31491"
    },
    {
      "name": "CVE-2024-23665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23665"
    },
    {
      "name": "CVE-2024-30255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30255"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2024-23669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23669"
    }
  ],
  "initial_release_date": "2024-05-15T00:00:00",
  "last_revision_date": "2024-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0404",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-225 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-225"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-040 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-040"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-282 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-282"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-406 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-406"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-137 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-222 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-222"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-052 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-052"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-474 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-474"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-195 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-195"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-433 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-433"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-021 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-021"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-420 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-420"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-054 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-054"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-465 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-465"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-415 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-415"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-191 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-191"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-017 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-017"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-120 du 14 mai 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-120"
    }
  ]
}

CERTFR-2024-AVI-0108

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.3
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.3
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.4
Fortinet	FortiNAC	FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions
Fortinet	FortiProxy	FortiProxy 1.1 toutes versions
Fortinet	FortiNAC	FortiNAC versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.14 (Cette version reste affectée par la vulnérabilité CVE-2023-47537)
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.2
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiPAM	FortiPAM 1.0 toutes versions
Fortinet	FortiProxy	FortiProxy 1.2 toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.7
Fortinet	FortiPAM	FortiPAM 1.2 toutes versions
Fortinet	FortiProxy	FortiProxy 1.0 toutes versions
Fortinet	FortiClientEMS	FortiClientEMS versions 7.0.x antérieures à 7.0.11
Fortinet	FortiClientEMS	FortiClientEMS versions 7.2.x antérieures à 7.2.3
Fortinet	FortiOS	FortiOS 6.0 toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.3
Fortinet	FortiClientEMS	FortiClientEMS 6.2 et 6.4 toutes versions
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.4
Fortinet	FortiProxy	FortiProxy 7.0 toutes versions
Fortinet	FortiPAM	FortiPAM 1.1 toutes versions
Fortinet	FortiManager	FortiManager 6.2, 6.4 et 7.0 toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.14
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAnalyzer	FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-268 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-301 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-063 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-357 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-397 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-029 du 08 février 2024	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-015 du 08 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC 8.3, 8.5, 8.6, 8.7, 8.8, 9.1 et 9.2 toutes versions",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.1 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14 (Cette version reste affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2023-47537)",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.2 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.2 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 1.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS 6.2 et 6.4 toutes versions",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy 7.0 toutes versions",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.1 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer 6.2, 6.4 et 7.0 toutes versions",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45581"
    },
    {
      "name": "CVE-2023-47537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
    },
    {
      "name": "CVE-2024-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
    },
    {
      "name": "CVE-2023-26206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26206"
    },
    {
      "name": "CVE-2023-44253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44253"
    },
    {
      "name": "CVE-2024-23113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
    }
  ],
  "initial_release_date": "2024-02-09T00:00:00",
  "last_revision_date": "2024-04-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0108",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-09T00:00:00.000000"
    },
    {
      "description": "Ajout des syst\u00e8mes affect\u00e9s",
      "revision_date": "2024-02-15T00:00:00.000000"
    },
    {
      "description": "Ajout des syst\u00e8mes affect\u00e9s",
      "revision_date": "2024-04-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-268 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-268"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-301 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-063 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-063"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-357 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-357"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-397 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-397"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-029 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-029"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-015 du 08 f\u00e9vrier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-015"
    }
  ]
}

CERTFR-2024-AVI-0019

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS version 7.2.5 antérieure à 7.2.6
Fortinet	FortiPortal	FortiPortal versions 5.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiPAM	FortiPAM versions 1.x antérieures à 1.1.0
Fortinet	N/A	FortiVoice versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.2
Fortinet	N/A	FortiVoice versions 6.x antérieures à 6.4.8
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.2

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-23-490 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité FG-IR-23-395 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité FG-IR-23-219 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité FG-IR-23-408 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité FG-IR-23-315 du 09 janvier 2024	None	vendor-advisory
Bulletin de sécurité FG-IR-23-226 du 09 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS version 7.2.5 ant\u00e9rieure \u00e0 7.2.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.x ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-46712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46712"
    },
    {
      "name": "CVE-2023-37932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37932"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-44250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
    },
    {
      "name": "CVE-2023-48783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48783"
    },
    {
      "name": "CVE-2023-37934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37934"
    }
  ],
  "initial_release_date": "2024-01-10T00:00:00",
  "last_revision_date": "2024-01-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0019",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-490 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-490"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-395 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-395"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-219 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-219"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-408 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-408"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-315 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-315"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-226 du 09 janvier 2024",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-226"
    }
  ]
}

CERTFR-2023-AVI-1018

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.6
Fortinet	FortiMail	FortiMail 6.0.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 2.6.x toutes versions
Fortinet	N/A	FortiNDR 1.1.x toutes versions
Fortinet	FortiSandbox	FortiSandbox versions 3.0.x antérieures à 3.0.4
Fortinet	N/A	FortiTester 3.5.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.11
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS 6.4.x toutes versions
Fortinet	FortiWeb	FortiWeb 7.0.x toutes versions
Fortinet	FortiSwitch	FortiSwitch 6.2.x toutes versions
Fortinet	FortiADC	FortiADC 6.2.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	FortiRecorder	FortiRecorder 2.6.x toutes versions
Fortinet	N/A	FortiTester 3.2.x toutes versions
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet	FortiADC	FortiADC 6.0.x toutes versions
Fortinet	N/A	FortiTester 7.1.x toutes versions
Fortinet	FortiOS	FortiOS 6.0.x toutes versions
Fortinet	FortiRecorder	FortiRecorder 2.7.x toutes versions
Fortinet	FortiSandbox	FortiSandbox 3.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC 7.0.x toutes versions
Fortinet	N/A	FortiTester 2.5.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.4.x antérieures à 6.4.3
Fortinet	FortiSandbox	FortiSandbox 4.0.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiTester 3.9.x toutes versions
Fortinet	N/A	FortiTester 4.1.x toutes versions
Fortinet	N/A	FortiNDR versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSandbox	FortiSandbox 3.2.x toutes versions
Fortinet	N/A	FortiNDR 1.2.x toutes versions
Fortinet	FortiOS	FortiOS 7.0.x toutes versions
Fortinet	N/A	FortiTester 3.7.x toutes versions
Fortinet	FortiADC	FortiADC 7.1.x toutes versions
Fortinet	FortiMail	FortiMail 6.2.x toutes versions
Fortinet	N/A	FortiTester 3.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet	FortiWeb	FortiWeb 6.3.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	N/A	FortiTester 2.7.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet	N/A	FortiTester 2.3.x toutes versions
Fortinet	N/A	FortiVoice versions 6.4.x antérieures à 6.4.8
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiTester 2.8.x toutes versions
Fortinet	N/A	FortiNDR 1.3.x toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiNDR versions 7.1.x antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.1
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.10
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester 7.2.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.3
Fortinet	FortiSwitch	FortiSwitch 6.0.x toutes versions
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	N/A	FortiTester 2.9.x toutes versions
Fortinet	N/A	FortiVoice versions 6.0.x antérieures à 6.0.12
Fortinet	FortiADC	FortiADC 6.1.x toutes versions
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.13
Fortinet	FortiPAM	FortiPAM 1.0.x toutes versions
Fortinet	N/A	FortiTester 2.4.x toutes versions
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.12
Fortinet	N/A	FortiTester 4.0.x toutes versions
Fortinet	N/A	FortiTester 4.2.x toutes versions
Fortinet	N/A	FortiTester 3.1.x toutes versions
Fortinet	N/A	FortiNDR 1.5.x toutes versions
Fortinet	FortiWeb	FortiWeb 6.2.x toutes versions
Fortinet	N/A	FortiNDR 1.4.x toutes versions
Fortinet	FortiRecorder	FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.1.2
Fortinet	N/A	FortiTester 3.8.x toutes versions
Fortinet	N/A	FortiTester 3.6.x toutes versions
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.3
Fortinet	N/A	FortiTester 3.3.x toutes versions
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiTester 3.0.x toutes versions
Fortinet	N/A	FortiWLM versions 8.6.x antérieures à 8.6.6
Fortinet	FortiSandbox	FortiSandbox 4.2.x toutes versions
Fortinet	N/A	FortiTester 7.0.x toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-138 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-270 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-214 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-196 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-360 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-439 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-425 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-038 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-256 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-345 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-432 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-450 du 12 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.0.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.2.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.2.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.6.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.7.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.1.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.0.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.2.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.3.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.0.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0.x toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.2.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
    },
    {
      "name": "CVE-2023-47539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
    },
    {
      "name": "CVE-2023-40716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
    },
    {
      "name": "CVE-2023-41678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
    },
    {
      "name": "CVE-2023-46713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
    },
    {
      "name": "CVE-2023-48782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
    },
    {
      "name": "CVE-2023-41844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
    },
    {
      "name": "CVE-2023-41673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
    },
    {
      "name": "CVE-2022-27488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
    },
    {
      "name": "CVE-2023-48791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2023-45587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
    }
  ],
  "initial_release_date": "2023-12-13T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
    }
  ]
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

CVE-2025-61713 (GCVE-0-2025-61713)

Vulnerability from nvd

Published

2025-11-18 17:01

Modified

2025-11-18 19:10

Severity ?

4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE

CWE-316 - Information disclosure

Summary

A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-789

Impacted products

	Vendor	Product	Version
	Fortinet	FortiPAM	Version: 1.6.0 Version: 1.5.0 ≤ 1.5.1 Version: 1.4.0 ≤ 1.4.3 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.6.0:::::::* cpe:2.3:o:fortinet:fortipam:1.5.1:::::::* cpe:2.3:o:fortinet:fortipam:1.5.0:::::::* cpe:2.3:o:fortinet:fortipam:1.4.3:::::::* cpe:2.3:o:fortinet:fortipam:1.4.2:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T19:10:28.194971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T19:10:33.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "lessThanOrEqual": "1.5.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.3",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators\u0027 credentials via diagnose commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-316",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T17:01:18.529Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-789",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-789"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPAM version 1.7.0 or above\nUpgrade to FortiPAM version 1.6.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-61713",
    "datePublished": "2025-11-18T17:01:18.529Z",
    "dateReserved": "2025-09-30T14:50:57.841Z",
    "dateUpdated": "2025-11-18T19:10:33.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-54821 (GCVE-0-2025-54821)

Vulnerability from nvd

Published

2025-11-18 17:01

Modified

2025-11-18 20:04

Severity ?

1.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R

CWE

CWE-269 - Escalation of privilege

Summary

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-545

Impacted products

Vendor

Product

Version

Fortinet

FortiProxy

Version: 7.6.0   ≤ 7.6.3
Version: 7.4.0   ≤ 7.4.11
Version: 7.2.0   ≤ 7.2.15
Version: 7.0.0   ≤ 7.0.22

	Fortinet	FortiOS	Version: 7.6.0 ≤ 7.6.3 Version: 7.4.0 ≤ 7.4.9 Version: 7.2.0 ≤ 7.2.12 Version: 7.0.0 ≤ 7.0.18 Version: 6.4.0 ≤ 6.4.16 cpe:2.3:o:fortinet:fortios:7.6.3:::::::* cpe:2.3:o:fortinet:fortios:7.6.2:::::::* cpe:2.3:o:fortinet:fortios:7.6.1:::::::* cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.9:::::::* cpe:2.3:o:fortinet:fortios:7.4.8:::::::* cpe:2.3:o:fortinet:fortios:7.4.7:::::::* cpe:2.3:o:fortinet:fortios:7.4.6:::::::* cpe:2.3:o:fortinet:fortios:7.4.5:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.12:::::::* cpe:2.3:o:fortinet:fortios:7.2.11:::::::* cpe:2.3:o:fortinet:fortios:7.2.10:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.18:::::::* cpe:2.3:o:fortinet:fortios:7.0.17:::::::* cpe:2.3:o:fortinet:fortios:7.0.16:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::*
	Fortinet	FortiPAM	Version: 1.6.0 Version: 1.5.0 ≤ 1.5.1 Version: 1.4.0 ≤ 1.4.3 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.6.0:::::::* cpe:2.3:o:fortinet:fortipam:1.5.1:::::::* cpe:2.3:o:fortinet:fortipam:1.5.0:::::::* cpe:2.3:o:fortinet:fortipam:1.4.3:::::::* cpe:2.3:o:fortinet:fortipam:1.4.2:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T20:04:52.328701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T20:04:58.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.11",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.15",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.22",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.9",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.18",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "lessThanOrEqual": "1.5.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.3",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T17:01:22.231Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-545",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-545"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPAM version 1.7.0 or above\nUpgrade to FortiPAM version 1.6.1 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiOS version 7.6.4 or above\nFortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54821",
    "datePublished": "2025-11-18T17:01:22.231Z",
    "dateReserved": "2025-07-30T08:31:12.197Z",
    "dateUpdated": "2025-11-18T20:04:58.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-52963 (GCVE-0-2024-52963)

Vulnerability from nvd

Published

2025-01-14 14:08

Modified

2025-01-14 20:57

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C

CWE

CWE-787 - Denial of service

Summary

A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-24-373

Impacted products

Vendor

Product

Version

Fortinet

FortiProxy

Version: 7.4.0   ≤ 7.4.5
Version: 7.2.0   ≤ 7.2.13
Version: 7.0.0   ≤ 7.0.20
Version: 2.0.0   ≤ 2.0.14

	Fortinet	FortiOS	Version: 7.6.0 Version: 7.4.0 ≤ 7.4.6 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.16 Version: 6.4.0 ≤ 6.4.15 cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.6:::::::* cpe:2.3:o:fortinet:fortios:7.4.5:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.10:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.16:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::*
	Fortinet	FortiPAM	Version: 1.4.0 ≤ 1.4.2 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.4.2:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:15:33.947500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T20:57:21.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.5",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.13",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.20",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.6",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.10",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.16",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:08:31.001Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-373",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-373"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiOS version 7.6.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-52963",
    "datePublished": "2025-01-14T14:08:31.001Z",
    "dateReserved": "2024-11-18T13:36:52.465Z",
    "dateUpdated": "2025-01-14T20:57:21.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23113 (GCVE-0-2024-23113)

Vulnerability from nvd

Published

2024-02-15 13:59

Modified

2025-10-21 23:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

CWE

CWE-134 - Execute unauthorized code or commands

Summary

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-24-029

Impacted products

Vendor

Product

Version

Fortinet

FortiSwitchManager

Version: 7.2.0 ≤ 7.2.3
Version: 7.0.0 ≤ 7.0.3

Fortinet	FortiOS	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.13
Fortinet	FortiPAM	Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3
Fortinet	FortiProxy	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:51:11.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-24-029",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-24-029"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23113",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T12:58:44.488595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-09T00:00:00+00:00",
            "value": "CVE-2024-23113 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T13:59:25.313Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-24-029",
          "url": "https://fortiguard.com/psirt/FG-IR-24-029"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiPAM version 1.2.1 or above \nPlease upgrade to FortiPAM version 1.1.3 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-23113",
    "datePublished": "2024-02-15T13:59:25.313Z",
    "dateReserved": "2024-01-11T16:29:07.980Z",
    "dateUpdated": "2025-10-21T23:05:24.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-54821 (GCVE-0-2025-54821)

Vulnerability from cvelistv5

Published

2025-11-18 17:01

Modified

2025-11-18 20:04

Severity ?

1.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RC:R

CWE

CWE-269 - Escalation of privilege

Summary

An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-545

Impacted products

Vendor

Product

Version

Fortinet

FortiProxy

Version: 7.6.0   ≤ 7.6.3
Version: 7.4.0   ≤ 7.4.11
Version: 7.2.0   ≤ 7.2.15
Version: 7.0.0   ≤ 7.0.22

	Fortinet	FortiOS	Version: 7.6.0 ≤ 7.6.3 Version: 7.4.0 ≤ 7.4.9 Version: 7.2.0 ≤ 7.2.12 Version: 7.0.0 ≤ 7.0.18 Version: 6.4.0 ≤ 6.4.16 cpe:2.3:o:fortinet:fortios:7.6.3:::::::* cpe:2.3:o:fortinet:fortios:7.6.2:::::::* cpe:2.3:o:fortinet:fortios:7.6.1:::::::* cpe:2.3:o:fortinet:fortios:7.6.0:::::::* cpe:2.3:o:fortinet:fortios:7.4.9:::::::* cpe:2.3:o:fortinet:fortios:7.4.8:::::::* cpe:2.3:o:fortinet:fortios:7.4.7:::::::* cpe:2.3:o:fortinet:fortios:7.4.6:::::::* cpe:2.3:o:fortinet:fortios:7.4.5:::::::* cpe:2.3:o:fortinet:fortios:7.4.4:::::::* cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.12:::::::* cpe:2.3:o:fortinet:fortios:7.2.11:::::::* cpe:2.3:o:fortinet:fortios:7.2.10:::::::* cpe:2.3:o:fortinet:fortios:7.2.9:::::::* cpe:2.3:o:fortinet:fortios:7.2.8:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.18:::::::* cpe:2.3:o:fortinet:fortios:7.0.17:::::::* cpe:2.3:o:fortinet:fortios:7.0.16:::::::* cpe:2.3:o:fortinet:fortios:7.0.15:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.16:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::*
	Fortinet	FortiPAM	Version: 1.6.0 Version: 1.5.0 ≤ 1.5.1 Version: 1.4.0 ≤ 1.4.3 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.6.0:::::::* cpe:2.3:o:fortinet:fortipam:1.5.1:::::::* cpe:2.3:o:fortinet:fortipam:1.5.0:::::::* cpe:2.3:o:fortinet:fortipam:1.4.3:::::::* cpe:2.3:o:fortinet:fortipam:1.4.2:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54821",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T20:04:52.328701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T20:04:58.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.11",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.15",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.22",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.6.3",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.4.9",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.18",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.16",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "lessThanOrEqual": "1.5.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.3",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4 all versions, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions may allow an authenticated administrator to bypass the trusted host policy via crafted CLI command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T17:01:22.231Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-545",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-545"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPAM version 1.7.0 or above\nUpgrade to FortiPAM version 1.6.1 or above\nUpgrade to FortiProxy version 7.6.4 or above\nUpgrade to FortiOS version 7.6.4 or above\nFortinet remediated this issue in FortiSASE version 25.3.b and hence customers do not need to perform any action."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-54821",
    "datePublished": "2025-11-18T17:01:22.231Z",
    "dateReserved": "2025-07-30T08:31:12.197Z",
    "dateUpdated": "2025-11-18T20:04:58.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61713 (GCVE-0-2025-61713)

Vulnerability from cvelistv5

Published

2025-11-18 17:01

Modified

2025-11-18 19:10

Severity ?

4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE

CWE-316 - Information disclosure

Summary

A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.

References

URL

Tags

https://fortiguard.fortinet.com/psirt/FG-IR-25-789

Impacted products

	Vendor	Product	Version
	Fortinet	FortiPAM	Version: 1.6.0 Version: 1.5.0 ≤ 1.5.1 Version: 1.4.0 ≤ 1.4.3 Version: 1.3.0 ≤ 1.3.1 Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.6.0:::::::* cpe:2.3:o:fortinet:fortipam:1.5.1:::::::* cpe:2.3:o:fortinet:fortipam:1.5.0:::::::* cpe:2.3:o:fortinet:fortipam:1.4.3:::::::* cpe:2.3:o:fortinet:fortipam:1.4.2:::::::* cpe:2.3:o:fortinet:fortipam:1.4.1:::::::* cpe:2.3:o:fortinet:fortipam:1.4.0:::::::* cpe:2.3:o:fortinet:fortipam:1.3.1:::::::* cpe:2.3:o:fortinet:fortipam:1.3.0:::::::* cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-18T19:10:28.194971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-18T19:10:33.592Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "lessThanOrEqual": "1.5.1",
              "status": "affected",
              "version": "1.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.4.3",
              "status": "affected",
              "version": "1.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.1",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in Fortinet FortiPAM 1.6.0, FortiPAM 1.5 all versions, FortiPAM 1.4 all versions, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators\u0027 credentials via diagnose commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-316",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-18T17:01:18.529Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-789",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-789"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiPAM version 1.7.0 or above\nUpgrade to FortiPAM version 1.6.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2025-61713",
    "datePublished": "2025-11-18T17:01:18.529Z",
    "dateReserved": "2025-09-30T14:50:57.841Z",
    "dateUpdated": "2025-11-18T19:10:33.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-23113 (GCVE-0-2024-23113)

Vulnerability from cvelistv5

Published

2024-02-15 13:59

Modified

2025-10-21 23:05

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

CWE

CWE-134 - Execute unauthorized code or commands

Summary

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

References

URL

Tags

https://fortiguard.com/psirt/FG-IR-24-029

Impacted products

Vendor

Product

Version

Fortinet

FortiSwitchManager

Version: 7.2.0 ≤ 7.2.3
Version: 7.0.0 ≤ 7.0.3

Fortinet	FortiOS	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.13
Fortinet	FortiPAM	Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3
Fortinet	FortiProxy	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.8 Version: 7.0.0 ≤ 7.0.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:51:11.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-24-029",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-24-029"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiswitchmanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.3",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortios",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.6",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.13",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiproxy",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.2",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.8",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.15",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortipam",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "1.1.2",
                "status": "affected",
                "version": "1.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "1.0.3",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "semver"
              },
              {
                "status": "affected",
                "version": "1.2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23113",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-09T12:58:44.488595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-09",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:24.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23113"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-10-09T00:00:00+00:00",
            "value": "CVE-2024-23113 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.6",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.15",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T13:59:25.313Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-24-029",
          "url": "https://fortiguard.com/psirt/FG-IR-24-029"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiPAM version 1.2.1 or above \nPlease upgrade to FortiPAM version 1.1.3 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.16 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-23113",
    "datePublished": "2024-02-15T13:59:25.313Z",
    "dateReserved": "2024-01-11T16:29:07.980Z",
    "dateUpdated": "2025-10-21T23:05:24.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Refine your search

21 vulnerabilities found for FortiPAM by Fortinet

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

CVE-2025-61713 (GCVE-0-2025-61713)

Vulnerability from nvd

CVE-2025-54821 (GCVE-0-2025-54821)

Vulnerability from nvd

CVE-2024-52963 (GCVE-0-2024-52963)

Vulnerability from nvd

CVE-2024-23113 (GCVE-0-2024-23113)

Vulnerability from nvd

CVE-2025-54821 (GCVE-0-2025-54821)

Vulnerability from cvelistv5

CVE-2025-61713 (GCVE-0-2025-61713)

Vulnerability from cvelistv5

CVE-2024-23113 (GCVE-0-2024-23113)

Vulnerability from cvelistv5