Refine your search
4 vulnerabilities found for FortiWAN by Fortinet
CERTFR-2023-AVI-0973
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.4.x antérieures à 7.4.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiClientWindows versions 7.0.x antérieures à 7.0.10 | ||
| Fortinet | FortiOS | FortiOS versions antérieures à 7.0.13 | ||
| Fortinet | FortiProxy | FortiProxy versions 2.0.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.7.x antériéures à 6.7.6 | ||
| Fortinet | FortiMail | FortiMail versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | N/A | FortiClientWindows versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.5.x antérieures à 6.5.2 | ||
| Fortinet | FortiMail | FortiMail versions antérieures à 7.0.7 | ||
| Fortinet | N/A | FortiWLM version 8.x antérieures à 8.5.5 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions 6.5.x antérieures à 6.5.1 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.0.x antérieures à 5.0.3.1016 | ||
| Fortinet | FortiGate | Fortigate FGT_VM64 versions 7.x antérieures 7.2.7 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiSIEM | FortiSIEM versions antérieures à 6.4.3 | ||
| Fortinet | FortiManager | FortiManager versions antérieures à 7.2.4 | ||
| Fortinet | FortiSIEM | FortiSIEM versions 7.0.x antérieures à 7.0.1 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.6 | ||
| Fortinet | N/A | FortiEDRCollectorWindows versions 5.2.x antérieures à 5.2.0.4581 | ||
| Fortinet | FortiOS | FortiOS versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiADC | FortiADC versions antérieures à 7.1.3 | ||
| Fortinet | FortiDDoS | FortiDDOS-F versions antérieures à 6.4.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.1 | ||
| Fortinet | FortiMail | FortiMail versions 7.2.x antérieures à 7.2.5 | ||
| Fortinet | FortiWAN | FortiWAN toutes versions (ce produit n'est plus maintenu par l'éditeur) | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x | ||
| Fortinet | FortiSIEM | FortiSIEM versions 6.6.x antériéures à 6.6.4 | ||
| Fortinet | N/A | FortiWLM version 8.6.x antérieures à 8.6.6 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions antérieures à 7.2.4 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fortigate FGT_VM64 versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 2.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.7.x ant\u00e9ri\u00e9ures \u00e0 6.7.6",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.5.x ant\u00e9rieures \u00e0 6.5.2",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.x ant\u00e9rieures \u00e0 8.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions 6.5.x ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.0.x ant\u00e9rieures \u00e0 5.0.3.1016",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "Fortigate FGT_VM64 versions 7.x ant\u00e9rieures 7.2.7",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions ant\u00e9rieures \u00e0 6.4.3",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDRCollectorWindows versions 5.2.x ant\u00e9rieures \u00e0 5.2.0.4581",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions ant\u00e9rieures \u00e0 7.1.3",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiDDOS-F versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiDDoS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
"product": {
"name": "FortiMail",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN toutes versions (ce produit n\u0027est plus maintenu par l\u0027\u00e9diteur)",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSIEM versions 6.6.x ant\u00e9ri\u00e9ures \u00e0 6.6.4",
"product": {
"name": "FortiSIEM",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLM version 8.6.x ant\u00e9rieures \u00e0 8.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36633",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36633"
},
{
"name": "CVE-2023-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41676"
},
{
"name": "CVE-2023-25603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25603"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-33304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33304"
},
{
"name": "CVE-2023-26205",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26205"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-40719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40719"
},
{
"name": "CVE-2023-29177",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29177"
},
{
"name": "CVE-2023-44248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44248"
},
{
"name": "CVE-2023-41840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41840"
},
{
"name": "CVE-2023-42783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42783"
},
{
"name": "CVE-2022-40681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40681"
},
{
"name": "CVE-2023-44252",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44252"
},
{
"name": "CVE-2023-36553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36553"
},
{
"name": "CVE-2023-44251",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44251"
},
{
"name": "CVE-2023-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45582"
},
{
"name": "CVE-2023-34991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34991"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
}
],
"initial_release_date": "2023-11-22T00:00:00",
"last_revision_date": "2023-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-299 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-306 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-306"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-274 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-274"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-385 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-518 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-518"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-292 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-292"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-108 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-290 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-290"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-287 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-287"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-064 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-135 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-177 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-061 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-061"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-151 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-151"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-396 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-396"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-143 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-143"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-142 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-203 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-265 du 14 novembre 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-265"
}
]
}
CERTFR-2023-AVI-0146
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiWeb | FortiWeb versions 5.x à 7.x antérieures à 7.0.5 | ||
| Fortinet | FortiGate | FortiGate versions antérieures à 6.4.2 | ||
| Fortinet | FortiNAC | FortiNAC-F versions antérieures à 7.2.0 | ||
| Fortinet | FortiPortal | FortiPortal versions 7.0.x antérieures à 7.0.3 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.2.x antérieures à 7.2.1 | ||
| Fortinet | FortiOS | FortiOS versions 6.0.x à 7.0.x antérieures à 7.0.9 | ||
| Fortinet | FortiADC | FortiADC versions 5.x à 6.2.x antérieures à 6.2.4 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.0.x antérieures à 7.0.5 | ||
| Fortinet | N/A | FortiAuthenticator versions 6.1.x antérieures à 6.1.1 | ||
| Fortinet | N/A | FortiExtender versions 3.3.x antérieures à 3.3.3 | ||
| Fortinet | N/A | FortiExtender versions 5.3.x antérieures à 7.0.4 | ||
| Fortinet | FortiNAC | FortiNAC versions 8.x à 9.4.x antérieures à 9.4.2 | ||
| Fortinet | FortiSandbox | FortiSandbox versions 3.2.x à 4.x antérieures à 4.2.0 | ||
| Fortinet | FortiADC | FortiADC versions 7.0.x antérieures à 7.0.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 7.2.x antérieures à 7.2.2 | ||
| Fortinet | N/A | FortiExtender versions 3.x antérieures à 3.2.4 | ||
| Fortinet | N/A | FortiExtender versions 4.2.x antérieures à 4.2.5 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 7.0.x antérieures à 7.0.4 | ||
| Fortinet | FortiWAN | FortiWAN versions 4.x antérieures à 4.5.10 | ||
| Fortinet | N/A | FortiExtender versions 4.1.x antérieures à 4.1.9 (version à venir) | ||
| Fortinet | FortiSwitch | FortiSwitch versions 6.x antérieures à 6.4.11 | ||
| Fortinet | FortiADC | FortiADC 5.1 all versions | ||
| Fortinet | FortiADC | FortiADC 5.0 all versions | ||
| Fortinet | N/A | FortiExtender versions 4.0.x antérieures à 4.0.3 (version à venir) | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer versions 6.x antérieures à 6.4.9 | ||
| Fortinet | FortiProxy | FortiProxy versions 1.x à 7.0.x antérieures à 7.0.8 | ||
| Fortinet | FortiOS | FortiOS versions 7.2.x antérieures à 7.2.4 | ||
| Fortinet | N/A | FortiAuthenticator versions 5.x à 6.0.x antérieures à 6.0.5 | ||
| Fortinet | FortiSwitchManager | FortiSwitchManager versions 7.0.x antérieures à 7.0.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWeb versions 5.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiWeb",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.2",
"product": {
"name": "FortiGate",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiPortal",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 6.0.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.9",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 5.x \u00e0 6.2.x ant\u00e9rieures \u00e0 6.2.4",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 5.3.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiNAC versions 8.x \u00e0 9.4.x ant\u00e9rieures \u00e0 9.4.2",
"product": {
"name": "FortiNAC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSandbox versions 3.2.x \u00e0 4.x ant\u00e9rieures \u00e0 4.2.0",
"product": {
"name": "FortiSandbox",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 3.x ant\u00e9rieures \u00e0 3.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.2.x ant\u00e9rieures \u00e0 4.2.5 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN versions 4.x ant\u00e9rieures \u00e0 4.5.10",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.1.x ant\u00e9rieures \u00e0 4.1.9 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitch versions 6.x ant\u00e9rieures \u00e0 6.4.11",
"product": {
"name": "FortiSwitch",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.1 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiADC 5.0 all versions",
"product": {
"name": "FortiADC",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiExtender versions 4.0.x ant\u00e9rieures \u00e0 4.0.3 (version \u00e0 venir)",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 1.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAuthenticator versions 5.x \u00e0 6.0.x ant\u00e9rieures \u00e0 6.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
"product": {
"name": "FortiSwitchManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-30304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30304"
},
{
"name": "CVE-2021-42756",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42756"
},
{
"name": "CVE-2023-23780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23780"
},
{
"name": "CVE-2022-40678",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40678"
},
{
"name": "CVE-2022-40677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40677"
},
{
"name": "CVE-2022-33869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33869"
},
{
"name": "CVE-2022-30303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30303"
},
{
"name": "CVE-2022-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26115"
},
{
"name": "CVE-2023-22638",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22638"
},
{
"name": "CVE-2022-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42472"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-41335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41335"
},
{
"name": "CVE-2022-38378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38378"
},
{
"name": "CVE-2022-30306",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30306"
},
{
"name": "CVE-2023-23782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23782"
},
{
"name": "CVE-2021-43074",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43074"
},
{
"name": "CVE-2023-23778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23778"
},
{
"name": "CVE-2023-25602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25602"
},
{
"name": "CVE-2022-22302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22302"
},
{
"name": "CVE-2022-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27489"
},
{
"name": "CVE-2022-43954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43954"
},
{
"name": "CVE-2022-30299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30299"
},
{
"name": "CVE-2022-30300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30300"
},
{
"name": "CVE-2022-38375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38375"
},
{
"name": "CVE-2022-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29054"
},
{
"name": "CVE-2022-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33871"
},
{
"name": "CVE-2022-39952",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"
},
{
"name": "CVE-2023-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22636"
},
{
"name": "CVE-2022-40683",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40683"
},
{
"name": "CVE-2023-23777",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23777"
},
{
"name": "CVE-2023-23779",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23779"
},
{
"name": "CVE-2023-23784",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23784"
},
{
"name": "CVE-2022-38376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38376"
},
{
"name": "CVE-2021-42761",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42761"
},
{
"name": "CVE-2022-39954",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39954"
},
{
"name": "CVE-2022-40675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40675"
},
{
"name": "CVE-2023-23783",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23783"
},
{
"name": "CVE-2022-27482",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27482"
},
{
"name": "CVE-2023-23781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23781"
}
],
"initial_release_date": "2023-02-17T00:00:00",
"last_revision_date": "2023-02-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-273"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-157"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-133"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-187"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-111"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-430"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-460"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-362"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-164"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-126"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-346"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-151"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-391"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-220"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-214"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-118"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-312"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-131"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-163"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-234"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-186"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-20-014"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-224"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-048"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-257"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-136"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-146"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-142"
}
],
"reference": "CERTFR-2023-AVI-0146",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-166 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-460 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-046 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-280 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-273 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-251 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-312 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-014 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-362 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-300 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-214 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-391 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-164 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-430 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-146 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-131 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-157 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-265 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-234 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-118 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-348 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-187 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-220 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-260 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-167 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-151 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-346 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-111 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023",
"url": null
}
]
}
CERTFR-2022-AVI-312
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiClient | FortiClient pour Linux et Windows versions 6.x antérieures à 6.4.8 | ||
| Fortinet | N/A | FortiEDR versions antérieures à 5.0.3 | ||
| Fortinet | FortiClient | FortiClient pour Linux et Windows versions 7.x antérieures à 7.0.3 | ||
| Fortinet | FortiWAN | FortiWAN versions antérieures à 4.5.9 | ||
| Fortinet | N/A | FortiWLC versions antérieures à 8.6.3 | ||
| Fortinet | N/A | FortiEDR Collector versions antérieures à 5.0.3 b0508 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiClient pour Linux et Windows versions 6.x ant\u00e9rieures \u00e0 6.4.8",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR versions ant\u00e9rieures \u00e0 5.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiClient pour Linux et Windows versions 7.x ant\u00e9rieures \u00e0 7.0.3",
"product": {
"name": "FortiClient",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWAN versions ant\u00e9rieures \u00e0 4.5.9",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiWLC versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiEDR Collector versions ant\u00e9rieures \u00e0 5.0.3 b0508",
"product": {
"name": "N/A",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26113",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26113"
},
{
"name": "CVE-2021-24009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24009"
},
{
"name": "CVE-2021-26114",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26114"
},
{
"name": "CVE-2021-44167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44167"
},
{
"name": "CVE-2022-23441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23441"
},
{
"name": "CVE-2021-32585",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32585"
},
{
"name": "CVE-2022-23446",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23446"
},
{
"name": "CVE-2021-32593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32593"
},
{
"name": "CVE-2021-44169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44169"
},
{
"name": "CVE-2021-26112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26112"
},
{
"name": "CVE-2022-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23440"
},
{
"name": "CVE-2021-43205",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43205"
}
],
"initial_release_date": "2022-04-06T00:00:00",
"last_revision_date": "2022-04-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-312",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-018 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-018"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-078 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-078"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-060 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-060"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-226 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-226"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-064 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-064"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-070 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-070"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-232 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-232"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-238 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-238"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-065 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-065"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-052 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-052"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-019 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-22-019"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-002 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-002"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-062 du 05 avril 2022",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-062"
}
]
}
CERTFR-2021-AVI-320
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Fortinet FortiWAN. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiWAN versions ant\u00e9rieures \u00e0 5.1.1",
"product": {
"name": "FortiWAN",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26102",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26102"
}
],
"initial_release_date": "2021-04-28T00:00:00",
"last_revision_date": "2021-04-28T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-320",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiWAN. Elle permet \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiWAN",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-048 du 27 avril 2021",
"url": "https://www.fortiguard.com/psirt/FG-IR-21-048"
}
]
}