Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

CERTFR-2025-AVI-0871

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiDLP	FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet	FortiADC	FortiADC toutes versions 6.2.x et 7.0.x
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiTester	FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet	FortiVoice	FortiVoice versions 6.0.7 à 6.0.12
Fortinet	FortiClient	FortiClientMac toutes versions 7.0.x
Fortinet	FortiSOAR	FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet	FortiPAM	FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet	FortiSRA	FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet	FortiWeb	FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiDLP	FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet	FortiManager	FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet	FortiNDR	FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet	FortiManager	FortiManager Cloud toutes versions 6.4.x
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiSIEM	FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet	FortiSRA	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet	FortiClient	FortiClientWindows toutes versions 7.0.x
Fortinet	FortiIsolator	FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet	FortiTester	FortiTester version 7.4 antérieures à 7.4.3
Fortinet	FortiVoice	FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet	FortiOS	FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiIsolator	FortiIsolator toutes versions 2.3.x
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet	FortiProxy	FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet	FortiAnalyzer	FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet	FortiManager	FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-372	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546	2025-10-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653	2025-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0679

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Fortinet indique avoir connaissance de code d'exploitation public pour la vulnérabilité CVE-2025-25256.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.3
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 7.1.x antérieures à 7.1.8
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiManager	FortiManager versions antérieures à 7.0.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.4.7
Fortinet	FortiNDR	FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.4
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.11
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.5.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.4.8
Fortinet	FortiPAM	FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet	FortiCamera	FortiCamera versions 2.1.x toutes versions
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.11
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.4.3
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.9
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.10
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.3
Fortinet	FortiSIEM	FortiSIEM versions 7.3.x antérieures à 7.3.2
Fortinet	FortiSIEM	FortiSIEM versions 7.2.x antérieures à 7.2.6
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.7.10
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.4
Fortinet	FortiCamera	FortiCamera versions antérieures à 2.0.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.2
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiSOAR	FortiSOAR versions 7.6.x antérieures à 7.6.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-25-501	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-421	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-173	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-152	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-042	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-150	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-383	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-364	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-253	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-309	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-513	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-448	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-473	2025-08-12	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-209	2025-08-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.1.x ant\u00e9rieures \u00e0 7.1.8",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions 2.1.x toutes versions",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions  ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.7.10",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25248"
    },
    {
      "name": "CVE-2025-47857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47857"
    },
    {
      "name": "CVE-2025-32766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32766"
    },
    {
      "name": "CVE-2024-48892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48892"
    },
    {
      "name": "CVE-2025-53744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53744"
    },
    {
      "name": "CVE-2024-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52964"
    },
    {
      "name": "CVE-2025-49813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49813"
    },
    {
      "name": "CVE-2025-25256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25256"
    },
    {
      "name": "CVE-2025-52970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52970"
    },
    {
      "name": "CVE-2025-27759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27759"
    },
    {
      "name": "CVE-2025-32932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32932"
    },
    {
      "name": "CVE-2024-26009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26009"
    },
    {
      "name": "CVE-2024-40588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40588"
    },
    {
      "name": "CVE-2023-45584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45584"
    }
  ],
  "initial_release_date": "2025-08-13T00:00:00",
  "last_revision_date": "2025-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0679",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique avoir connaissance de code d\u0027exploitation public pour la vuln\u00e9rabilit\u00e9 CVE-2025-25256.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-501",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-501"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-421",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-421"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-173",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-173"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-152"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-042",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-042"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-150",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-150"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-383",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-383"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-364",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-364"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-253",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-253"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-309",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-309"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-513",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-513"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-448",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-448"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-473"
    },
    {
      "published_at": "2025-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-209",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-209"
    }
  ]
}

CERTFR-2025-AVI-0197

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiMail	FortiMail versions antérieures à 7.4.4
Fortinet	FortiNDR	FortiNDR versions 7.1.x antérieures à 7.1.2
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.4
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.6
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.20
Fortinet	N/A	FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.3
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.3.2
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.13
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.7
Fortinet	FortiPAM	FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiMail	FortiMail versions 7.6.x antérieures à 7.6.2
Fortinet	FortiProxy	FortiProxy versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.4.x antérieures à 7.4.2
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.0.6
Fortinet	FortiNDR	FortiNDR versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.6.1
Fortinet	FortiOS	FortiOS versions antérieures à 6.4.16
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiIsolator versions 2.4.x antérieures à 2.4.6
Fortinet	FortiSandbox	FortiSandbox versions 5.0.x antérieures à 5.0.1
Fortinet	FortiADC	FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-261	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-130	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-439	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-327	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-124	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-306	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-216	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-110	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-117	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-377	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-353	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-305	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-178	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-115	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-325	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-331	2025-03-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.3.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.4.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54026"
    },
    {
      "name": "CVE-2024-45328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45328"
    },
    {
      "name": "CVE-2024-46663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46663"
    },
    {
      "name": "CVE-2024-54018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54018"
    },
    {
      "name": "CVE-2024-54027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54027"
    },
    {
      "name": "CVE-2023-42784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42784"
    },
    {
      "name": "CVE-2023-48790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48790"
    },
    {
      "name": "CVE-2024-32123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32123"
    },
    {
      "name": "CVE-2024-55590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55590"
    },
    {
      "name": "CVE-2024-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52960"
    },
    {
      "name": "CVE-2023-40723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40723"
    },
    {
      "name": "CVE-2023-37933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37933"
    },
    {
      "name": "CVE-2024-55597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55597"
    },
    {
      "name": "CVE-2024-55592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55592"
    },
    {
      "name": "CVE-2024-33501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33501"
    },
    {
      "name": "CVE-2024-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52961"
    },
    {
      "name": "CVE-2024-45324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45324"
    },
    {
      "name": "CVE-2024-55594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55594"
    }
  ],
  "initial_release_date": "2025-03-12T00:00:00",
  "last_revision_date": "2025-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0197",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-261"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-130",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-130"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-439",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-439"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-327",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-327"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-124",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-124"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-306",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-306"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-216"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-110",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-110"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-117",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-117"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-377",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-377"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-353"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-305",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-305"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-178",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-178"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-115",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-115"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-325",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-325"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-331",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-331"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-353",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-353"
    }
  ]
}

CERTFR-2025-AVI-0120

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPAM	FortiPAM versions 1.1.x antérieures à 1.2.0
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.1
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.14
Fortinet	FortiWeb	FortiWeb versions antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitchManager versions 7.0.x antérieures à 7.0.3
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiSwitch	FortiSwitchManager versions 7.2.x antérieures à 7.2.3
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.7
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.2.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.1
Fortinet	FortiClient	FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.8
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.10
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x, 7.0.x et 7.1.x
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.8
Fortinet	FortiClient	FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiClient	FortiClientMac versions 7.0.x antérieures à 7.0.13
Fortinet	FortiPortal	FortiPortal versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiClient	FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet	FortiManager	FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.2.6
Fortinet	FortiClient	FortiClientWindows versions 7.0.x antérieures à 7.0.14

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-24-438	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-220	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-261	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-324	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-094	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-302	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-160	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-300	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-147	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-063	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-279	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-311	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-422	2025-02-10	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-015	2025-02-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
    },
    {
      "name": "CVE-2024-40586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
    },
    {
      "name": "CVE-2024-50569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
    },
    {
      "name": "CVE-2023-40721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
    },
    {
      "name": "CVE-2024-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
    },
    {
      "name": "CVE-2024-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
    },
    {
      "name": "CVE-2024-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
    },
    {
      "name": "CVE-2024-36508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
    },
    {
      "name": "CVE-2024-40585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
    },
    {
      "name": "CVE-2025-24470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
    },
    {
      "name": "CVE-2024-35279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
    },
    {
      "name": "CVE-2024-40591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
    },
    {
      "name": "CVE-2024-33504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
    },
    {
      "name": "CVE-2024-40584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
    },
    {
      "name": "CVE-2024-52966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
    }
  ],
  "initial_release_date": "2025-02-12T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
    }
  ]
}

CERTFR-2025-AVI-0031

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.2.5
Fortinet	FortiDDoS-F	FortiDDoS-F versions antérieures à 6.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet	FortiOS	FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet	FortiRecorder	FortiRecorder versions antérieures à 7.0.5
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet	FortiSOAR	FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet	FortiSOAR	Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.16
Fortinet	FortiPortal	FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet	FortiWLC	FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet	FortiClient	FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiClient	FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet	FortiClient	FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet	FortiPortal	FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet	FortiClient	FortiClientMac versions antérieures à 7.4.0
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet	FortiMail	FortiMail versions 6.4x antérieures à 6.4.8
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet	FortiManager	FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet	FortiSwitch	FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet	FortiWeb	FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet	FortiAP-W2	FortiAP-W2 versions antérieures à 7.2.4
Fortinet	FortiClient	FortiClientEMS versions antérieures à 7.2.5
Fortinet	FortiVoice	FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet	FortiSwitch	FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.5.1
Fortinet	FortiAP	FortiAP versions antérieures à 7.2.4
Fortinet	FortiSwitch	FortiSwitch versions antérieures à 6.2.8
Fortinet	FortiClient	FortiClientWindows versions antérieures à 7.4.1
Fortinet	FortiSOAR	FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet	FortiAnalyzer	FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 6.0.1
Fortinet	FortiAP-S	FortiAP-S versions antérieures à 6.4.10
Fortinet	FortiVoiceEnterprise	FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet	FortiAuthenticator	FortiAuthenticator versions antérieures à 6.3.3
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet	FortiProxy	FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet	FortiOS	FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet	FortiWeb	FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet	FortiManager	FortiManager Cloud versions antérieures à 7.0.13
Fortinet	FortiSandbox	FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet	FortiAP	FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.2.5
Fortinet	FortiSwitch	FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet	FortiNDR	FortiNDR versions antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet	FortiAnalyzer	FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiNDR	FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet	FortiProxy	FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet	FortiClient	FortiClientLinux versions antérieures à 7.4.0
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.1.6
Fortinet	FortiSandbox	FortiSandbox versions antérieures à 4.0.5
Fortinet	FortiAP-W2	FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiProxy	FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet	FortiSwitch	FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet	FortiTester	FortiTester versions antérieures à 7.2.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet	FortiAuthenticator	FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet	FortiVoice	FortiVoice versions antérieures à 6.4.10
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet	FortiSOAR	FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet	FortiRecorder	FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-258	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189	2025-01-15	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293	2025-01-14	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CERTFR-2024-AVI-0106

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Fortinet FortiSIEM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiSIEM	FortiSIEM 6.4.x versions antérieures à 6.4.4
Fortinet	FortiSIEM	FortiSIEM 7.0.x versions antérieures à 7.0.3
Fortinet	FortiSIEM	FortiSIEM 6.5.x versions antérieures à 6.5.3
Fortinet	FortiSIEM	FortiSIEM 6.7.x versions antérieures à 6.7.9
Fortinet	FortiSIEM	FortiSIEM 6.6.x versions antérieures à 6.6.5
Fortinet	FortiSIEM	FortiSIEM 7.1.x versions antérieures à 7.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet du 10 octobre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM 6.4.x versions ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM 7.0.x versions ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM 6.5.x versions ant\u00e9rieures \u00e0 6.5.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM 6.7.x versions ant\u00e9rieures \u00e0 6.7.9",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM 6.6.x versions ant\u00e9rieures \u00e0 6.6.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM 7.1.x versions ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-23108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23108"
    },
    {
      "name": "CVE-2023-34992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34992"
    },
    {
      "name": "CVE-2024-23109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23109"
    }
  ],
  "initial_release_date": "2024-02-08T00:00:00",
  "last_revision_date": "2024-02-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0106",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Fortinet FortiSIEM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 10 octobre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-130"
    }
  ]
}

CERTFR-2023-AVI-0973

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2
Fortinet	N/A	FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.10
Fortinet	FortiOS	FortiOS versions antérieures à 7.0.13
Fortinet	FortiProxy	FortiProxy versions 2.0.x
Fortinet	FortiSIEM	FortiSIEM versions 6.7.x antériéures à 6.7.6
Fortinet	FortiMail	FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet	N/A	FortiClientWindows versions 6.x antérieures à 6.4.9
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.2
Fortinet	FortiMail	FortiMail versions antérieures à 7.0.7
Fortinet	N/A	FortiWLM version 8.x antérieures à 8.5.5
Fortinet	FortiDDoS	FortiDDOS-F versions 6.5.x antérieures à 6.5.1
Fortinet	N/A	FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016
Fortinet	FortiGate	Fortigate FGT_VM64 versions 7.x antérieures 7.2.7
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.4.x antérieures à 7.4.1
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.4.3
Fortinet	FortiManager	FortiManager versions antérieures à 7.2.4
Fortinet	FortiSIEM	FortiSIEM versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.6
Fortinet	N/A	FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581
Fortinet	FortiOS	FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet	FortiADC	FortiADC versions antérieures à 7.1.3
Fortinet	FortiDDoS	FortiDDOS-F versions antérieures à 6.4.2
Fortinet	FortiManager	FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet	FortiWAN	FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur)
Fortinet	FortiProxy	FortiProxy versions 7.2.x
Fortinet	FortiSIEM	FortiSIEM versions 6.6.x antériéures à 6.6.4
Fortinet	N/A	FortiWLM version 8.6.x antérieures à 8.6.6
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 7.2.4
Fortinet	FortiProxy	FortiProxy versions 7.0.x

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-299 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-306 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-274 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-385 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-518 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-292 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-108 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-290 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-287 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-064 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-135 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-177 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-061 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-151 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-396 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-143 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-142 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-203 du 14 novembre 2023	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-265 du 14 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
      "product": {
        "name": "FortiWAN",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
    },
    {
      "name": "CVE-2023-41676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
    },
    {
      "name": "CVE-2023-25603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
    },
    {
      "name": "CVE-2023-36641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-33304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
    },
    {
      "name": "CVE-2023-26205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
    },
    {
      "name": "CVE-2023-28002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
    },
    {
      "name": "CVE-2023-40719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
    },
    {
      "name": "CVE-2023-29177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
    },
    {
      "name": "CVE-2023-44248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
    },
    {
      "name": "CVE-2023-41840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
    },
    {
      "name": "CVE-2023-42783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
    },
    {
      "name": "CVE-2022-40681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
    },
    {
      "name": "CVE-2023-44252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
    },
    {
      "name": "CVE-2023-36553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
    },
    {
      "name": "CVE-2023-44251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
    },
    {
      "name": "CVE-2023-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
    },
    {
      "name": "CVE-2023-34991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    }
  ],
  "initial_release_date": "2023-11-22T00:00:00",
  "last_revision_date": "2023-11-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
    }
  ]
}

CERTFR-2023-AVI-0451

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.10
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 7.0.0
Fortinet	FortiWeb	FortiWeb versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiConverter versions 6.x antérieures à 6.2.2
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.1.x antérieures à 9.1.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.12
Fortinet	N/A	FortiADCManager versions 5.x à 7.0.x antérieures à 7.0.1
Fortinet	FortiNAC	FortiNAC versions 9.2.x antérieures à 9.2.8
Fortinet	FortiNAC	FortiNAC versions 9.4.x antérieures à 9.4.3
Fortinet	FortiOS	FortiOS versions 6.x à 7.0.x antérieures à 7.0.12
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.12
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.2
Fortinet	N/A	FortiClientWindows versions 6.4.x antérieures à 6.4.9
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.7
Fortinet	N/A	FortiConverter versions 7.0.x antérieures à 7.0.1
Fortinet	FortiOS	FortiOS-6K7K versions 6.0.x antérieures à 6.0.17
Fortinet	FortiNAC	FortiNAC-F versions 7.2.x antérieures à 7.2.1
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet	FortiOS	FortiOS-6K7K versions 6.2.x antérieures à 6.2.15
Fortinet	FortiWeb	FortiWeb versions 6.x à 7.0.x antérieures à 7.0.7
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.2
Fortinet	FortiOS	FortiOS-6K7K versions 6.4.x antérieures à 6.4.13
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet	FortiOS	FortiOS-6K7K versions 7.0.x antérieures à 7.0.12
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 5.x à 7.1.x antérieures à 7.1.3
Fortinet	N/A	FortiClientWindows versions 7.0.x antérieures à 7.0.7
Fortinet	FortiADC	FortiADC versions 7.2.x antérieures à 7.2.1
Fortinet	N/A	FortiADCManager versions antérieures à 7.1.1
Fortinet	FortiPAM	FortiPAM versions antérieures à 1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-380 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-076 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-494 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-21-141 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-111 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-521 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-229 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-125 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-097 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-107 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-259 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-468 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-258 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-095 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-463 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-119 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-393 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-375 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-455 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-493 du 12 juin 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-332 du 12 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.8",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.3",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiConverter versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.0.x ant\u00e9rieures \u00e0 6.0.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 7.1.x ant\u00e9rieures \u00e0 7.1.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADCManager versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions ant\u00e9rieures \u00e0 1.0.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25609"
    },
    {
      "name": "CVE-2023-22633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22633"
    },
    {
      "name": "CVE-2022-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39946"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2022-42478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42478"
    },
    {
      "name": "CVE-2022-33877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33877"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-26210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26210"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2022-43949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43949"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2023-26204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26204"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-28000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28000"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0451",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-380 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-380"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-076 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-076"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-494 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-494"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-21-141 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-141"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-111 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-521 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-521"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-229 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-229"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-125 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-125"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-097 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-097"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-107 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-107"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-259 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-259"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-468 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-258 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-095 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-095"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-463 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-463"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-119 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-119"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-393 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-393"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-375 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-375"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-455 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-455"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-493 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-493"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-332 du 12 juin 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-332"
    }
  ]
}

CERTFR-2023-AVI-0304

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiADC	FortiADC versions 5.x à 7.0.x antérieures à 7.0.4
Fortinet	FortiSandbox	FortiSandbox versions 4.2.x antérieures à 4.2.3
Fortinet	FortiSandbox	FortiSandbox versions 3.x antérieures à 3.2.4
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.2
Fortinet	FortiNAC	FortiNAC versions 8.x à 9.x antérieures à 9.4.2
Fortinet	FortiSandbox	FortiSandbox versions 4.0.x antérieures à 4.0.3
Fortinet	FortiNAC	FortiNAC-F versions antérieures à 7.2.0
Fortinet	FortiWeb	FortiWeb versions antérieures à 6.3.22
Fortinet	FortiManager	FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet	FortiWeb	FortiWeb versions 7.0.x antérieures à 7.0.4
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.6
Fortinet	FortiDDoS	FortiDDoS-F versions 6.2.x antérieures à 6.2.3
Fortinet	FortiOS	FortiOS versions 6.x antérieures à 6.4.13
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.0.9
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.11
Fortinet	FortiDDoS	FortiDDoS-F versions 6.1.x antérieures à 6.1.5
Fortinet	FortiDDoS	FortiDDoS-F versions 6.3.x antérieures à 6.3.4
Fortinet	FortiDDoS	FortiDDoS-F versions 6.4.x antérieures à 6.4.1
Fortinet	N/A	FortiPresence versions antérieures à 2.0.0
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.3.3
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.7
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.4.1
Fortinet	N/A	FortiAuthenticator versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiAuthenticator versions 6.1.x à 6.3.x antérieures à 6.3.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.1.x antérieures à 4.1.1
Fortinet	FortiProxy	FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiClientMac versions 6.x à 7.x antérieures à 7.0.8
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet	FortiSOAR	FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet	FortiDDoS	FortiDDoS versions 4.x à 5.x antérieures à 5.7.0
Fortinet	FortiManager	FortiManager versions 6.4.8 à 6.4.x antérieures à 6.4.11
Fortinet	N/A	FortiClientWindows versions 6.x à 7.x antérieures à 7.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité FG-IR-22-428 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-479 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-502 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-363 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-429 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-186 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-432 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-23-051 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-056 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-409 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-355 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-060 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-481 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-335 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-050 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-439 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-444 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-320 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-381 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-336 du 11 avril 2023	None	vendor-advisory
Bulletin de sécurité FG-IR-22-275 du 11 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiADC versions 5.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.x ant\u00e9rieures \u00e0 3.2.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.3.22",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.2.x ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.1.x ant\u00e9rieures \u00e0 6.1.5",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPresence versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.1.x \u00e0 6.3.x ant\u00e9rieures \u00e0 6.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions 4.x \u00e0 5.x ant\u00e9rieures \u00e0 5.7.0",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.8 \u00e0 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35850"
    },
    {
      "name": "CVE-2022-40679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40679"
    },
    {
      "name": "CVE-2022-43946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43946"
    },
    {
      "name": "CVE-2022-43952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43952"
    },
    {
      "name": "CVE-2022-27487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27487"
    },
    {
      "name": "CVE-2023-27995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27995"
    },
    {
      "name": "CVE-2023-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
    },
    {
      "name": "CVE-2022-40682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40682"
    },
    {
      "name": "CVE-2022-43947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2023-22642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22642"
    },
    {
      "name": "CVE-2022-27485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27485"
    },
    {
      "name": "CVE-2022-42469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
    },
    {
      "name": "CVE-2022-42470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42470"
    },
    {
      "name": "CVE-2022-43951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43951"
    },
    {
      "name": "CVE-2022-41331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41331"
    },
    {
      "name": "CVE-2022-42477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42477"
    },
    {
      "name": "CVE-2022-41330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
    },
    {
      "name": "CVE-2022-43948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43948"
    },
    {
      "name": "CVE-2022-43955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43955"
    },
    {
      "name": "CVE-2023-22635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22635"
    }
  ],
  "initial_release_date": "2023-04-12T00:00:00",
  "last_revision_date": "2023-04-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0304",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-428 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-428"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-479 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-479"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-502 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-502"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-363 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-363"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-429 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-429"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-186 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-186"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-432 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-23-051 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-056 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-409 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-409"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-355 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-355"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-060 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-060"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-481 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-481"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-335 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-335"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-050 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-439 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-444 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-444"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-320 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-320"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-381 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-381"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-336 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-336"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-22-275 du 11 avril 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-275"
    }
  ]
}

CERTFR-2022-AVI-973

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiDeceptor	FortiDeceptor versions 4.0.x antérieures à 4.0.3
Fortinet	N/A	FortiClientMac versions 7.0.x antérieures à 7.0.6
Fortinet	FortiOS	FortiOS versions 6.4.x antérieures à 6.4.10
Fortinet	FortiDeceptor	FortiDeceptor versions 4.1.x antérieures à 4.1.2
Fortinet	FortiManager	FortiManager versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.1.x antérieures à 7.1.1
Fortinet	FortiADC	FortiADC versions 7.1.x antérieures à 7.1.1
Fortinet	FortiAnalyzer	FortiAnalyzer versions 7.0.x antérieures à 7.0.5
Fortinet	N/A	FortiTester versions 7.2.x antérieures à 7.2.0
Fortinet	FortiSOAR	FortiSOAR versions 7.2.x antérieures à 7.2.3
Fortinet	N/A	FortiEDR CollectorWindows versions 5.0.x.x antérieures à 5.0.3.912
Fortinet	FortiManager	FortiManager versions 6.4.x antérieures à 6.4.9
Fortinet	FortiOS	FortiOS versions 7.2.x antérieures à 7.2.2
Fortinet	FortiADC	FortiADC versions 7.0.x antérieures à 7.0.3
Fortinet	FortiMail	FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet	N/A	FortiTester versions 4.2.x antérieures à 4.2.1
Fortinet	N/A	AV engine versions 6.4.x antérieures à 6.4.275
Fortinet	FortiADC	FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet	FortiDeceptor	FortiDeceptor versions 4.2.x antérieures à 4.2.1
Fortinet	FortiSIEM	FortiSIEM versions 6.5.x antérieures à 6.5.0
Fortinet	N/A	AV engine versions 6.2.x antérieures à 6.2.169
Fortinet	FortiAnalyzer	FortiAnalyzer versions 6.4.x antérieures à 6.4.9
Fortinet	N/A	FortiTester versions 3.9.x antérieures à 3.9.2
Fortinet	FortiMail	FortiMail versions 7.2.x antérieures à 7.2.1
Fortinet	FortiMail	FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet	N/A	FortiEDR CollectorWindows versions 5.2.x.x antérieures à 5.2.0.2288
Fortinet	FortiOS	FortiOS versions 7.0.x antérieures à 7.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-22-331 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-223 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-234 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-314 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-228 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-232 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-218 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-066 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-216 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-174 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-074 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-070 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-064 du 01 novembre 2022	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-246 du 01 novembre 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.1.x ant\u00e9rieures \u00e0 4.1.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 7.2.x ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.0.x.x ant\u00e9rieures \u00e0 5.0.3.912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.4.x ant\u00e9rieures \u00e0 6.4.275",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "AV engine versions 6.2.x ant\u00e9rieures \u00e0 6.2.169",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions 3.9.x ant\u00e9rieures \u00e0 3.9.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR CollectorWindows versions 5.2.x.x ant\u00e9rieures \u00e0 5.2.0.2288",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-26122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26122"
    },
    {
      "name": "CVE-2022-35842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35842"
    },
    {
      "name": "CVE-2022-38374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38374"
    },
    {
      "name": "CVE-2022-38380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38380"
    },
    {
      "name": "CVE-2022-26119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26119"
    },
    {
      "name": "CVE-2022-35851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35851"
    },
    {
      "name": "CVE-2022-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39945"
    },
    {
      "name": "CVE-2022-38373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38373"
    },
    {
      "name": "CVE-2022-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33870"
    },
    {
      "name": "CVE-2022-33878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33878"
    },
    {
      "name": "CVE-2022-30307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30307"
    },
    {
      "name": "CVE-2022-38381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38381"
    },
    {
      "name": "CVE-2022-39950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39950"
    },
    {
      "name": "CVE-2022-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39949"
    },
    {
      "name": "CVE-2022-42473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42473"
    }
  ],
  "initial_release_date": "2022-11-02T00:00:00",
  "last_revision_date": "2022-11-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-973",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-331 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-331"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-223 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-223"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-234 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-234"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-314 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-314"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-228 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-232 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-218 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-066 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-066"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-216 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-174 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-174"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-074 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-074"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-070 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-070"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-064 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-064"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-246 du 01 novembre 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-246"
    }
  ]
}

CERTFR-2021-AVI-907

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM Windows Agent versions antérieures à 4.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-21-176 du 02 novembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-41022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41022"
    }
  ],
  "initial_release_date": "2021-11-29T00:00:00",
  "last_revision_date": "2021-11-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-907",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-176 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-176"
    }
  ]
}

CERTFR-2021-AVI-845

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	N/A	FortiClientMac versions antérieures à 6.4.6, 7.0.1
Fortinet	FortiADC	FortiADC versions antérieures à 5.4.4, 6.0.1
Fortinet	FortiSIEM	FortiSIEM Windows Agent versions antérieures à 4.1.5
Fortinet	N/A	FortiClientWindows versions antérieures à 6.4.3, 7.0.2
Fortinet	FortiAnalyzer	FortiAnalyzer versions antérieures à 6.0.7, 6.4.5
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 6.3.0
Fortinet	FortiClientEMS	FortiClientEMS versions antérieures à 6.4.2, 7.0.0
Fortinet	FortiDDoS	FortiDDoS-F versions antérieures à 6.2.0
Fortinet	FortiPortal	FortiPortal versions antérieures à 5.2.7, 5.3.7, 6.0.6, 7.0.0
Fortinet	FortiDDoS	FortiDDoS versions antérieures à 5.5.0
Fortinet	FortiManager	FortiManager versions antérieures à 6.4.7, 7.0.2
Fortinet	FortiGate	FortiGate versions antérieures à 6.4.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-092 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-043 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-079 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-096 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-104 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-044 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-103 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-102 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-100 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-109 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-074 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-067 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-079 du 02 novembre 2021	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-175 du 02 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 6.4.6, 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 5.4.4, 6.0.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM Windows Agent versions ant\u00e9rieures \u00e0 4.1.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 6.4.3, 7.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 6.0.7, 6.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.3.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 6.4.2, 7.0.0",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions ant\u00e9rieures \u00e0 5.2.7, 5.3.7, 6.0.6, 7.0.0",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.0",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.4.7, 7.0.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12814"
    },
    {
      "name": "CVE-2021-26107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26107"
    },
    {
      "name": "CVE-2021-36176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36176"
    },
    {
      "name": "CVE-2020-15940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15940"
    },
    {
      "name": "CVE-2021-42754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42754"
    },
    {
      "name": "CVE-2020-15935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15935"
    },
    {
      "name": "CVE-2021-36174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36174"
    },
    {
      "name": "CVE-2021-36192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36192"
    },
    {
      "name": "CVE-2021-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36183"
    },
    {
      "name": "CVE-2021-36172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36172"
    },
    {
      "name": "CVE-2021-41019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41019"
    },
    {
      "name": "CVE-2021-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36181"
    },
    {
      "name": "CVE-2021-32595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32595"
    }
  ],
  "initial_release_date": "2021-11-04T00:00:00",
  "last_revision_date": "2021-11-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-845",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-092 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-092"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-043 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-043"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-079 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-079"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-096 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-096"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-104 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-104"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-044 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-044"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-103 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-103"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-102 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-100 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-100"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-109 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-109"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-074 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-074"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-067 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-067"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-079 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-079"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-175 du 02 novembre 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-175"
    }
  ]
}

CERTFR-2020-AVI-384

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiDeceptor	FortiDeceptor versions antérieures à 3.1.0
Fortinet	N/A	FortiWLC versions antérieures à 8.5.2
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-20-016 du 21 juin 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-041 du 21 juin 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-006 du 21 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.1.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions ant\u00e9rieures \u00e0 8.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.3.0",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-9288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9288"
    },
    {
      "name": "CVE-2015-0279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0279"
    },
    {
      "name": "CVE-2020-6644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6644"
    }
  ],
  "initial_release_date": "2020-06-22T00:00:00",
  "last_revision_date": "2020-06-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-384",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-016 du 21 juin 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-20-016"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-041 du 21 juin 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-20-041"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-006 du 21 juin 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-20-006"
    }
  ]
}

CERTFR-2020-AVI-146

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiManager	FortiManager versions antérieures à 6.2.2
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.6
Fortinet	FortiWeb	FortiWeb versions 6.3.x antérieures à 6.3.1
Fortinet	FortiWeb	FortiWeb versions 6.1.x antérieures à 6.1.2
Fortinet	N/A	FortiPresence versions antérieures à 2.0.1
Fortinet	FortiWeb	FortiWeb versions 6.2.x antérieures à 6.2.1
Fortinet	FortiWeb	FortiWeb versions antérieures à 6.0.6
Fortinet	N/A	FortiIsolator versions antérieures à 2.0.0
Fortinet	FortiADC	FortiADC versions antérieures à 5.3.4
Fortinet	FortiWeb	FortiWeb versions antérieures à 6.2.3
Fortinet	FortiClient	FortiClient pour Windows versions antérieures à 6.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-220 du 09 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-271 du 11 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-270 du 09 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-240 du 12 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-001 du 09 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-281 du 09 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-258 du 09 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-269 du 11 mars 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-265 du 09 mars 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPresence versions ant\u00e9rieures \u00e0 2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.0.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 5.3.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClient pour Windows versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-16157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16157"
    },
    {
      "name": "CVE-2019-6699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6699"
    },
    {
      "name": "CVE-2020-6646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6646"
    },
    {
      "name": "CVE-2019-17658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17658"
    },
    {
      "name": "CVE-2020-6643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6643"
    },
    {
      "name": "CVE-2020-6642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6642"
    },
    {
      "name": "CVE-2019-16158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16158"
    },
    {
      "name": "CVE-2020-6641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6641"
    },
    {
      "name": "CVE-2019-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16156"
    }
  ],
  "initial_release_date": "2020-03-12T00:00:00",
  "last_revision_date": "2020-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-146",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-220 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-220"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-271 du 11 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-271"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-270 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-240 du 12 mars 2020",
      "url": "https://fortiguard.com/psirt/%20FG-IR-19-240"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-001 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-20-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-281 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-281"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-258 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-269 du 11 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-269"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-265 du 09 mars 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-265"
    }
  ]
}

CERTFR-2020-AVI-058

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.6
	Fortinet	FortiOS	FortiOS versions antérieures à 6.2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-197 du 27 janvier 2020	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-19-217 du 27 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17651"
    },
    {
      "name": "CVE-2019-17655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17655"
    }
  ],
  "initial_release_date": "2020-01-28T00:00:00",
  "last_revision_date": "2020-01-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-197 du 27 janvier 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-197"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-217 du 27 janvier 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-217"
    }
  ]
}

CERTFR-2020-AVI-040

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-296 du 15 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.7",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17659"
    }
  ],
  "initial_release_date": "2020-01-16T00:00:00",
  "last_revision_date": "2020-01-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-040",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-296 du 15 janvier 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-296"
    }
  ]
}

CERTFR-2020-AVI-020

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.6

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-195 du 13 janvier 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-16153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16153"
    }
  ],
  "initial_release_date": "2020-01-14T00:00:00",
  "last_revision_date": "2020-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-195 du 13 janvier 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-195"
    }
  ]
}

CERTFR-2019-AVI-487

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiSIEM. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.5

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-100 du 08 octobre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.5",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6700"
    }
  ],
  "initial_release_date": "2019-10-08T00:00:00",
  "last_revision_date": "2019-10-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-487",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSIEM. Elle permet\n\u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSIEM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-100 du 08 octobre 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-100"
    }
  ]
}

CERTFR-2019-AVI-137

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions antérieures à 5.6.6
Fortinet	FortiSIEM	FortiSIEM versions antérieures à 5.2.1
Fortinet	FortiOS	FortiOS versions 6.0.x antérieures à 6.0.4

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-19-043 du 29 mars 2019	None	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-18-382 du 29 mars 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 5.6.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x ant\u00e9rieures \u00e0 6.0.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-13378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13378"
    }
  ],
  "initial_release_date": "2019-04-01T00:00:00",
  "last_revision_date": "2019-04-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-137",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-043 du 29 mars 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-043"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-382 du 29 mars 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-18-382"
    }
  ]
}

Refine your search

19 vulnerabilities found for FortiSIEM by Fortinet

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution