Refine your search

16 vulnerabilities found for fortiswitch by fortinet

CERTFR-2025-AVI-0871
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiDLP FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x
Fortinet FortiADC FortiADC toutes versions 6.2.x et 7.0.x
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet FortiTester FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.4
Fortinet FortiVoice FortiVoice versions 6.0.7 à 6.0.12
Fortinet FortiClient FortiClientMac toutes versions 7.0.x
Fortinet FortiSOAR FortiSOAR on-premise toutes versions 7.3.x et 7.4.x
Fortinet FortiSIEM FortiSIEM versions 7.2.x antérieures à 7.2.3
Fortinet FortiPAM FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x
Fortinet FortiSRA FortiSRA versions 1.5.x antérieures à 1.5.1
Fortinet FortiWeb FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x
Fortinet FortiDLP FortiDLP versions 12.2.x et antérieures à 12.2.3
Fortinet FortiManager FortiManager Cloud versions 7.6.x antérieures à 7.6.3
Fortinet FortiSOAR FortiSOAR on-premise versions 7.6.x antérieures à 7.6.2
Fortinet FortiNDR FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x
Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.4
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.10
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.7
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.12
Fortinet FortiManager FortiManager Cloud toutes versions 6.4.x
Fortinet FortiPAM FortiPAM versions 1.4.x antérieures à 1.4.3
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.10
Fortinet FortiPAM FortiPAM versions 1.5.x antérieures à 1.5.1
Fortinet FortiSIEM FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.7
Fortinet FortiSRA FortiSRA versions 1.4.x antérieures à 1.4.3
Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.5
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.4
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.4
Fortinet FortiClient FortiClientWindows toutes versions 7.0.x
Fortinet FortiIsolator FortiIsolator versions 2.4.x antérieures à 2.4.5
Fortinet FortiTester FortiTester version 7.4 antérieures à 7.4.3
Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.10
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.6
Fortinet FortiOS FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x
Fortinet FortiIsolator FortiIsolator toutes versions 2.3.x
Fortinet FortiADC FortiADC versions 7.1.x antérieures à 7.1.5
Fortinet FortiProxy FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x
Fortinet FortiAnalyzer FortiAnalyzer Cloud toutes versions 6.4.x
Fortinet FortiAnalyzer FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet FortiManager FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.2
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.4
Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.9
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.3
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.4
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions postérieures à 7.0.1 et antérieures à 7.0.14
Fortinet FortiClient FortiClientMac versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR on-premise versions 7.5.x antérieures à 7.5.2
References
Bulletin de sécurité Fortinet FG-IR-24-372 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-412 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-228 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-280 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-685 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-452 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-487 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-639 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-037 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-684 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-354 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-041 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-198 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-160 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-361 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-861 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-542 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-771 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-010 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-378 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-442 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-664 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-756 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-126 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-628 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-457 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-062 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-546 2025-10-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-25-653 2025-10-14 vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiDLP toutes versions 10.3.x, 10.4.x, 10.5.x, 11.0.x, 11.1.x, 11.2.x, 11.3.x, 11.4.x, 11.5.x, 12.0.x, 12.1.x",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC toutes versions 6.2.x et 7.0.x",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester toutes versions 4.2.x, 7.0.x, 7.1.x, 7.2.x et 7.3.x",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.7 \u00e0 6.0.12",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise toutes versions 7.3.x et 7.4.x",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM toutes versions 1.0.x, 1.1.x, 1.2.x et 1.3.x",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDLP versions 12.2.x et ant\u00e9rieures \u00e0 12.2.3",
      "product": {
        "name": "FortiDLP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR toutes versions 1.5.x, 7.0.x, 7.1.x et 7.2.x",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.5.x ant\u00e9rieures \u00e0 1.5.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM toutes versions 6.2.x, 6.3.x, 6.4.x, 6.5.x, 6.6.x, 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSRA versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "FortiSRA",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows toutes versions 7.0.x",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions 2.4.x ant\u00e9rieures \u00e0 2.4.5",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester version 7.4 ant\u00e9rieures \u00e0  7.4.3",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator toutes versions 2.3.x",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.1.x ant\u00e9rieures \u00e0 7.1.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy toutes versions 1.0.x, 1.1.x, 1.2.x, 2.0.x, 7.0.x, 7.2.x et 7.4.x",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud toutes versions 6.4.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer toutes versions 6.0.x, 6.2.x, 6.4.x, 7.0.x et 7.2.x",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager toutes versions 6.0.x, 6.2.x et 6.4.x",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.9",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions post\u00e9rieures \u00e0 7.0.1 et ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR on-premise versions 7.5.x ant\u00e9rieures \u00e0 7.5.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-58325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58325"
    },
    {
      "name": "CVE-2025-46752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46752"
    },
    {
      "name": "CVE-2025-31365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31365"
    },
    {
      "name": "CVE-2025-49201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49201"
    },
    {
      "name": "CVE-2025-54822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54822"
    },
    {
      "name": "CVE-2025-57741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57741"
    },
    {
      "name": "CVE-2025-58903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58903"
    },
    {
      "name": "CVE-2025-31514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31514"
    },
    {
      "name": "CVE-2025-25253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25253"
    },
    {
      "name": "CVE-2024-33507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33507"
    },
    {
      "name": "CVE-2025-25255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25255"
    },
    {
      "name": "CVE-2023-46718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46718"
    },
    {
      "name": "CVE-2025-47890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47890"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2024-26008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26008"
    },
    {
      "name": "CVE-2025-25252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25252"
    },
    {
      "name": "CVE-2024-48891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48891"
    },
    {
      "name": "CVE-2025-59921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59921"
    },
    {
      "name": "CVE-2025-53951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53951"
    },
    {
      "name": "CVE-2025-53950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53950"
    },
    {
      "name": "CVE-2025-58324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58324"
    },
    {
      "name": "CVE-2025-53845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53845"
    },
    {
      "name": "CVE-2024-50571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50571"
    },
    {
      "name": "CVE-2025-46774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46774"
    },
    {
      "name": "CVE-2025-31366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31366"
    },
    {
      "name": "CVE-2025-57716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57716"
    },
    {
      "name": "CVE-2024-47569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47569"
    },
    {
      "name": "CVE-2025-22258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22258"
    },
    {
      "name": "CVE-2025-57740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57740"
    },
    {
      "name": "CVE-2025-54973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54973"
    },
    {
      "name": "CVE-2025-54658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54658"
    }
  ],
  "initial_release_date": "2025-10-15T00:00:00",
  "last_revision_date": "2025-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0871",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-372",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-372"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-412",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-412"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-228",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-228"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-280",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-280"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-685",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-685"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-452",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-452"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-487",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-487"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-639",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-639"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-037",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-037"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-684",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-684"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-354",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-354"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-041",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-041"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-198",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-198"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-160"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-361",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-361"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-861",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-861"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-542",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-542"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-771",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-771"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-010"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-378",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-378"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-442",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-442"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-664",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-664"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-756",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-756"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-126",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-126"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-628",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-628"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-457",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-457"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-062",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-062"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-546",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-546"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-653",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-653"
    }
  ]
}

CERTFR-2025-AVI-0399
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Fortinet indique que la vulnérabilité CVE-2025-32756 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.3
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.10
Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.5
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.7
Fortinet FortiNDR FortiNDR versions 7.1.x à 7.2.x antérieures à 7.2.5
Fortinet FortiNDR FortiNDR versions 7.6.x antérieures à 7.6.1
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.2
Fortinet FortiMail FortiMail versions 7.6.x antérieures à 7.6.3
Fortinet FortiClientEMS FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.3
Fortinet FortiRecorder FortiRecorder versions 7.0.x antérieures à 7.0.6
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.8
Fortinet FortiVoice FortiVoice versions 7.2.x antérieures à 7.2.1
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.4
Fortinet FortiNDR FortiNDR versions antérieures à 7.0.7
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.8
Fortinet FortiProxy FortiProxy versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.7
Fortinet FortiClient FortiClientMac versions 7.x antérieures à 7.2.9
Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.6
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.2
Fortinet FortiCamera FortiCamera versions antérieures à 2.1.4
Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.2
Fortinet FortiClientEMS FortiClientEMS versions 7.4.x antérieures à 7.4.3
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiOS FortiOS versions antérieures à 7.0.15
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.8
Fortinet FortiVoice FortiVoiceUCDesktop versions antérieures à 7.0
Fortinet FortiVoice FortiVoice versions 6.4.x antérieures à 6.4.11
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.8
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.9
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.6
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x \u00e0 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiCamera versions ant\u00e9rieures \u00e0 2.1.4",
      "product": {
        "name": "FortiCamera",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.2",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClientEMS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceUCDesktop versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.8",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25251"
    },
    {
      "name": "CVE-2025-47294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47294"
    },
    {
      "name": "CVE-2025-24473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24473"
    },
    {
      "name": "CVE-2024-54020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54020"
    },
    {
      "name": "CVE-2025-46777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46777"
    },
    {
      "name": "CVE-2024-35281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35281"
    },
    {
      "name": "CVE-2025-32756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32756"
    },
    {
      "name": "CVE-2025-22252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22252"
    },
    {
      "name": "CVE-2025-47295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47295"
    },
    {
      "name": "CVE-2025-22859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22859"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0399",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2025-32756 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-472",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-472"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-552",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-552"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-381"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-548",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-548"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-025",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-025"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-388",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-388"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-380",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-380"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-016",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-016"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-254",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-254"
    },
    {
      "published_at": "2025-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-023"
    }
  ]
}

CERTFR-2025-AVI-0293
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.3
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.9
Fortinet FortiManager FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.14
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.6
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.3
Fortinet FortiWeb FortiWeb versions antérieures à 7.4.7
Fortinet FortiSwitch FortiSwitch versions 7.4.x antérieures à 7.4.5
Fortinet FortiOS FortiOS versions 6.2.x antérieures à 6.2.17
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.15
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.3
Fortinet FortiSwitch FortiSwitch versions 7.2.x antérieures à 7.2.9
Fortinet FortiOS FortiOS versions antérieures à 6.4.15
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet FortiClient FortiClientEMS versions antérieures à 7.4.3
Fortinet FortiManager FortiManager versions 6.2.x antérieures à 6.2.14
Fortinet FortiSwitch FortiSwitch versions 7.6.x antérieures à 7.6.1
Fortinet FortiOS FortiOS versions antérieures à 7.6 pour la vulnérabilité CVE-2024-32122
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.9
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.16
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.11
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.14
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.9
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.9
Fortinet FortiIsolator FortiIsolator versions postérieures à 2.4.3 et antérieures à 2.4.7
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet FortiProxy FortiProxy versions antérieures à 7.0.16
Fortinet FortiAnalyzer FortiAnalyzer versions 6.2.x antérieures à 6.2.14
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.10
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.7",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.17",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6 pour la vuln\u00e9rabilit\u00e9 CVE-2024-32122",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiIsolator versions post\u00e9rieures \u00e0 2.4.3 et ant\u00e9rieures \u00e0 2.4.7",
      "product": {
        "name": "FortiIsolator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.14",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-46671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46671"
    },
    {
      "name": "CVE-2024-32122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32122"
    },
    {
      "name": "CVE-2024-50565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50565"
    },
    {
      "name": "CVE-2024-26013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26013"
    },
    {
      "name": "CVE-2024-54025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54025"
    },
    {
      "name": "CVE-2024-48887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48887"
    },
    {
      "name": "CVE-2025-22855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22855"
    },
    {
      "name": "CVE-2024-52962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52962"
    },
    {
      "name": "CVE-2023-37930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37930"
    },
    {
      "name": "CVE-2025-25254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25254"
    },
    {
      "name": "CVE-2024-54024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54024"
    }
  ],
  "initial_release_date": "2025-04-09T00:00:00",
  "last_revision_date": "2025-04-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-474",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-474"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-435",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-435"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-165"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-184",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-184"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-111",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-111"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-453",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-453"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-344",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-344"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-046",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-046"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-392",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-392"
    },
    {
      "published_at": "2025-04-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-397",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-397"
    }
  ]
}

CERTFR-2025-AVI-0120
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiPAM FortiPAM versions 1.1.x antérieures à 1.2.0
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.1
Fortinet FortiProxy FortiProxy versions antérieures à 7.0.14
Fortinet FortiWeb FortiWeb versions antérieures à 7.4.6
Fortinet FortiSwitch FortiSwitchManager versions 7.0.x antérieures à 7.0.3
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiSwitch FortiSwitchManager versions 7.2.x antérieures à 7.2.3
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions antérieures à 7.4.1
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.7
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.2.9
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.1
Fortinet FortiClient FortiClientWindows versions 7.4.x antérieures à 7.4.1
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.5
Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 7.2.8
Fortinet FortiManager FortiManager versions antérieures à 7.2.10
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.8
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.6
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x antérieures à 7.4.4
Fortinet FortiSIEM FortiSIEM versions 6.7.x, 7.0.x et 7.1.x
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.8
Fortinet FortiClient FortiClientMac versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientMac versions 7.2.x antérieures à 7.2.5
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiClient FortiClientMac versions 7.0.x antérieures à 7.0.13
Fortinet FortiPortal FortiPortal versions 7.4.x antérieures à 7.4.3
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiClient FortiClientWindows versions 7.2.x antérieures à 7.2.7
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.1
Fortinet FortiManager FortiManager Cloud versions 7.4.x antérieures à 7.4.6
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.2.6
Fortinet FortiClient FortiClientWindows versions 7.0.x antérieures à 7.0.14
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.2.9",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions 6.7.x, 7.0.x et 7.1.x",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.2.x ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.14",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50567"
    },
    {
      "name": "CVE-2024-40586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40586"
    },
    {
      "name": "CVE-2024-50569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50569"
    },
    {
      "name": "CVE-2023-40721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40721"
    },
    {
      "name": "CVE-2024-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52968"
    },
    {
      "name": "CVE-2024-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27781"
    },
    {
      "name": "CVE-2024-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27780"
    },
    {
      "name": "CVE-2024-36508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36508"
    },
    {
      "name": "CVE-2024-40585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40585"
    },
    {
      "name": "CVE-2025-24470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24470"
    },
    {
      "name": "CVE-2024-35279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35279"
    },
    {
      "name": "CVE-2024-40591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40591"
    },
    {
      "name": "CVE-2024-33504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33504"
    },
    {
      "name": "CVE-2024-40584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40584"
    },
    {
      "name": "CVE-2024-52966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52966"
    }
  ],
  "initial_release_date": "2025-02-12T00:00:00",
  "last_revision_date": "2025-02-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-438",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-438"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-220"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-261",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-261"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-324",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-324"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-094",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-094"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-302",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-302"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-160",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-160"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-300",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-300"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-147",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-147"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-063",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-063"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-279",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-279"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-311",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-311"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-422",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-422"
    },
    {
      "published_at": "2025-02-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-25-015",
      "url": "https://www.fortiguard.com/psirt/FG-IR-25-015"
    }
  ]
}

CERTFR-2025-AVI-0031
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products
Vendor Product Description
Fortinet FortiClient FortiClientMac versions antérieures à 7.2.5
Fortinet FortiDDoS-F FortiDDoS-F versions antérieures à 6.3.3
Fortinet FortiAnalyzer FortiAnalyzer versions 7.6.x antérieures à 7.6.2
Fortinet FortiOS FortiOS versions antérieures à 7.6.1 pour la vulnérabilité CVE-2024-52963
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.5
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.6
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.13
Fortinet FortiSOAR FortiSOAR versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager versions 7.6.x antérieures à 7.6.2
Fortinet FortiSOAR Connecteur IMAP pour FortiSOAR versions antérieures à 3.5.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiOS FortiOS versions antérieures à 7.0.16
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.9
Fortinet FortiWLC FortiWLC versions 8.6.x antérieures à 8.6.6
Fortinet FortiManager FortiManager versions 6.4.x antérieures à 6.4.15
Fortinet FortiClient FortiClientEMS versions 7.4.x antérieures à 7.4.1
Fortinet FortiClient FortiClientEMS Cloud versions antérieures à 7.2.5
Fortinet FortiClient FortiClientEMS Cloud versions 7.4.x antérieures à 7.4.1
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.15
Fortinet FortiClient FortiClientMac versions antérieures à 7.4.0
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.5
Fortinet FortiMail FortiMail versions 6.4x antérieures à 6.4.8
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.13
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions antérieures à 6.0.10
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.4.x postérieures à 7.4.1 et antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.8
Fortinet FortiManager FortiManager Cloud versions postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions 7.2.x postérieures à 7.2.1 et antérieures à 7.2.7
Fortinet FortiSwitch FortiSwitch versions 7.4.x antérieures à 7.4.1
Fortinet FortiWeb FortiWeb versions 7.6.x antérieures à 7.6.2
Fortinet FortiAP-W2 FortiAP-W2 versions antérieures à 7.2.4
Fortinet FortiClient FortiClientEMS versions antérieures à 7.2.5
Fortinet FortiVoice FortiVoice versions 7.0.x antérieures à 7.0.5
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.10
Fortinet FortiSwitch FortiSwitch versions 7.2.x antérieures à 7.2.6
Fortinet FortiDDoS FortiDDoS versions antérieures à 5.5.1
Fortinet FortiAP FortiAP versions antérieures à 7.2.4
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.2.8
Fortinet FortiClient FortiClientWindows versions antérieures à 7.4.1
Fortinet FortiSOAR FortiSOAR versions antérieures à 7.2.2 Security Patch 9
Fortinet FortiAnalyzer FortiAnalyzer-BigData versions 7.2.x antérieures à 7.2.6
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 6.0.1
Fortinet FortiAP-S FortiAP-S versions antérieures à 6.4.10
Fortinet FortiVoiceEnterprise FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet FortiAuthenticator FortiAuthenticator versions antérieures à 6.3.3
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.5
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.19
Fortinet FortiOS FortiOS versions 7.6.x antérieures à 7.6.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.4.x antérieures à 7.4.4
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.5
Fortinet FortiManager FortiManager Cloud versions antérieures à 7.0.13
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.5
Fortinet FortiAP FortiAP versions 7.4.x antérieures à 7.4.3
Fortinet FortiClient FortiClientLinux versions antérieures à 7.2.5
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.14
Fortinet FortiNDR FortiNDR versions antérieures à 7.2.2
Fortinet FortiManager FortiManager versions 6.2.x antérieures à 6.2.12
Fortinet FortiAnalyzer FortiAnalyzer Cloud versions antérieures à 7.0.12
Fortinet FortiManager FortiManager versions 7.4.x antérieures à 7.4.1
Fortinet FortiMail FortiMail versions 7.2.x antérieures à 7.2.5
Fortinet FortiNDR FortiNDR versions 7.4.x antérieures à 7.4.3
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.15
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.3
Fortinet FortiManager FortiManager versions 7.2.x antérieures à 7.2.6
Fortinet FortiClient FortiClientLinux versions antérieures à 7.4.0
Fortinet FortiSIEM FortiSIEM versions antérieures à 7.1.6
Fortinet FortiSandbox FortiSandbox versions antérieures à 4.0.5
Fortinet FortiAP-W2 FortiAP-W2 versions 7.4.x antérieures à 7.4.3
Fortinet FortiSandbox FortiSandbox versions 4.2.x antérieures à 4.2.7
Fortinet FortiADC FortiADC versions 6.2.x antérieures à 6.2.4
Fortinet FortiProxy FortiProxy versions 7.4.x antérieures à 7.4.6
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.8
Fortinet FortiTester FortiTester versions antérieures à 7.2.1
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.15
Fortinet FortiAuthenticator FortiAuthenticator versions 6.4.x antérieures à 6.4.1
Fortinet FortiVoice FortiVoice versions antérieures à 6.4.10
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.12
Fortinet FortiSOAR FortiSOAR versions 7.5.x antérieures à 7.5.1
Fortinet FortiRecorder FortiRecorder versions 7.2.x antérieures à 7.2.2
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.7
References
Bulletin de sécurité Fortinet FG-IR-23-258 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-458 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-061 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-285 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-165 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-494 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-220 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-221 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-078 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-282 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-373 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-106 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-250 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-189 2025-01-15 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-401 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-239 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-097 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-260 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-170 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-259 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-143 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-476 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-415 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-461 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-266 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-407 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-086 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-465 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-222 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-219 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-210 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-211 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-267 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-010 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-473 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-216 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-326 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-135 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-152 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-304 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-164 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-310 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-405 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-127 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-381 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-091 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-417 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-293 2025-01-14 vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-071 2025-01-14 vendor-advisory

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS-F versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiDDoS-F",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.6.1 pour la vuln\u00e9rabilit\u00e9 CVE-2024-52963",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "Connecteur IMAP pour FortiSOAR versions ant\u00e9rieures \u00e0 3.5.8",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.0.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "FortiWLC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.15",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.4.x post\u00e9rieures \u00e0 7.4.1 et ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions 7.2.x post\u00e9rieures \u00e0 7.2.1 et ant\u00e9rieures \u00e0 7.2.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientEMS versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDDoS versions ant\u00e9rieures \u00e0 5.5.1",
      "product": {
        "name": "FortiDDoS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions ant\u00e9rieures \u00e0 7.2.2 Security Patch 9",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiAP-S",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiVoiceEnterprise",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.3",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.19",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.6.x ant\u00e9rieures \u00e0 7.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager Cloud versions ant\u00e9rieures \u00e0 7.0.13",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.14",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer Cloud versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiNDR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.15",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.3",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiClient",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSIEM versions ant\u00e9rieures \u00e0 7.1.6",
      "product": {
        "name": "FortiSIEM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions ant\u00e9rieures \u00e0 4.0.5",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions 7.4.x ant\u00e9rieures \u00e0 7.4.3",
      "product": {
        "name": "FortiAP-W2",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.2.x ant\u00e9rieures \u00e0 4.2.7",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester versions ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiTester",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiAuthenticator",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiVoice",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.5.x ant\u00e9rieures \u00e0 7.5.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-45326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45326"
    },
    {
      "name": "CVE-2023-37931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37931"
    },
    {
      "name": "CVE-2024-32115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32115"
    },
    {
      "name": "CVE-2023-42786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42786"
    },
    {
      "name": "CVE-2024-35280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35280"
    },
    {
      "name": "CVE-2024-35273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35273"
    },
    {
      "name": "CVE-2024-48884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48884"
    },
    {
      "name": "CVE-2024-46666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46666"
    },
    {
      "name": "CVE-2022-23439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23439"
    },
    {
      "name": "CVE-2024-47571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47571"
    },
    {
      "name": "CVE-2024-35275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35275"
    },
    {
      "name": "CVE-2024-47573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47573"
    },
    {
      "name": "CVE-2024-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52963"
    },
    {
      "name": "CVE-2023-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37937"
    },
    {
      "name": "CVE-2024-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33503"
    },
    {
      "name": "CVE-2024-55593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55593"
    },
    {
      "name": "CVE-2024-48885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48885"
    },
    {
      "name": "CVE-2024-46662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46662"
    },
    {
      "name": "CVE-2024-27778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27778"
    },
    {
      "name": "CVE-2024-48893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48893"
    },
    {
      "name": "CVE-2024-47566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47566"
    },
    {
      "name": "CVE-2024-52969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52969"
    },
    {
      "name": "CVE-2024-35276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35276"
    },
    {
      "name": "CVE-2024-40587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40587"
    },
    {
      "name": "CVE-2024-36512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36512"
    },
    {
      "name": "CVE-2023-46715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46715"
    },
    {
      "name": "CVE-2024-36510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36510"
    },
    {
      "name": "CVE-2024-56497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56497"
    },
    {
      "name": "CVE-2024-46665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46665"
    },
    {
      "name": "CVE-2024-48890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48890"
    },
    {
      "name": "CVE-2024-21758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21758"
    },
    {
      "name": "CVE-2024-52967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52967"
    },
    {
      "name": "CVE-2023-37936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37936"
    },
    {
      "name": "CVE-2024-46668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46668"
    },
    {
      "name": "CVE-2024-35278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35278"
    },
    {
      "name": "CVE-2024-26012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26012"
    },
    {
      "name": "CVE-2024-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46664"
    },
    {
      "name": "CVE-2024-23106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23106"
    },
    {
      "name": "CVE-2024-54021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54021"
    },
    {
      "name": "CVE-2024-46669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46669"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-42785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42785"
    },
    {
      "name": "CVE-2024-36504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36504"
    },
    {
      "name": "CVE-2024-35277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35277"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2024-48886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48886"
    },
    {
      "name": "CVE-2024-50564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50564"
    },
    {
      "name": "CVE-2024-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33502"
    },
    {
      "name": "CVE-2024-45331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45331"
    },
    {
      "name": "CVE-2024-50563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50563"
    },
    {
      "name": "CVE-2024-36506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36506"
    },
    {
      "name": "CVE-2024-46667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46667"
    },
    {
      "name": "CVE-2024-46670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46670"
    },
    {
      "name": "CVE-2024-47572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47572"
    }
  ],
  "initial_release_date": "2025-01-15T00:00:00",
  "last_revision_date": "2025-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0031",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-258",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-458",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-458"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-061",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-285",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-285"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-165",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-494",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-220",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-220"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-221",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-078",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-078"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-282",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-373",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-106",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-250",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
    },
    {
      "published_at": "2025-01-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-189",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-189"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-401",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-401"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-239",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-097",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-260",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-170"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-259",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-143",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-476",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-476"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-415",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-415"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-461",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-461"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-266",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-266"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-407",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-086",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-086"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-465",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-465"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-222",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-219",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-210",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-210"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-211",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-211"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-267",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-010",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-010"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-473",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-216",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-216"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-326",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-135",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-152",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-304",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-304"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-164",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-164"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-310",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-310"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-405",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-405"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-127",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-381",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-381"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-091",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-417",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-417"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-293",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-071",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-071"
    }
  ]
}

CERTFR-2023-AVI-1018
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS), une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiWeb FortiWeb versions 7.2.x antérieures à 7.2.6
Fortinet FortiMail FortiMail 6.0.x toutes versions
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.1
Fortinet N/A FortiTester 2.6.x toutes versions
Fortinet N/A FortiNDR 1.1.x toutes versions
Fortinet FortiSandbox FortiSandbox versions 3.0.x antérieures à 3.0.4
Fortinet N/A FortiTester 3.5.x toutes versions
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.11
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet FortiOS FortiOS 6.4.x toutes versions
Fortinet FortiWeb FortiWeb 7.0.x toutes versions
Fortinet FortiSwitch FortiSwitch 6.2.x toutes versions
Fortinet FortiADC FortiADC 6.2.x toutes versions
Fortinet FortiMail FortiMail versions 7.4.x antérieures à 7.4.1
Fortinet FortiRecorder FortiRecorder 2.6.x toutes versions
Fortinet N/A FortiTester 3.2.x toutes versions
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet FortiADC FortiADC 6.0.x toutes versions
Fortinet N/A FortiTester 7.1.x toutes versions
Fortinet FortiOS FortiOS 6.0.x toutes versions
Fortinet FortiRecorder FortiRecorder 2.7.x toutes versions
Fortinet FortiSandbox FortiSandbox 3.1.x toutes versions
Fortinet FortiWeb FortiWeb versions 7.4.x antérieures à 7.4.1
Fortinet FortiADC FortiADC 7.0.x toutes versions
Fortinet N/A FortiTester 2.5.x toutes versions
Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.3
Fortinet FortiSandbox FortiSandbox 4.0.x toutes versions
Fortinet FortiPortal FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet N/A FortiTester 3.9.x toutes versions
Fortinet N/A FortiTester 4.1.x toutes versions
Fortinet N/A FortiNDR versions 7.0.x antérieures à 7.0.5
Fortinet FortiSandbox FortiSandbox 3.2.x toutes versions
Fortinet N/A FortiNDR 1.2.x toutes versions
Fortinet FortiOS FortiOS 7.0.x toutes versions
Fortinet N/A FortiTester 3.7.x toutes versions
Fortinet FortiADC FortiADC 7.1.x toutes versions
Fortinet FortiMail FortiMail 6.2.x toutes versions
Fortinet N/A FortiTester 3.4.x toutes versions
Fortinet FortiOS FortiOS versions 6.2.x antérieures à 6.2.16
Fortinet FortiWeb FortiWeb 6.3.x toutes versions
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.5
Fortinet N/A FortiTester 2.7.x toutes versions
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet N/A FortiTester 2.3.x toutes versions
Fortinet N/A FortiVoice versions 6.4.x antérieures à 6.4.8
Fortinet FortiOS FortiOS versions 7.4.x antérieures à 7.4.1
Fortinet N/A FortiTester 2.8.x toutes versions
Fortinet N/A FortiNDR 1.3.x toutes versions
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.7
Fortinet N/A FortiNDR versions 7.1.x antérieures à 7.1.1
Fortinet FortiPAM FortiPAM versions 1.1.x antérieures à 1.1.1
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.10
Fortinet FortiMail FortiMail versions 6.4.x antérieures à 6.4.7
Fortinet N/A FortiTester 7.2.x toutes versions
Fortinet FortiADC FortiADC versions 7.2.x antérieures à 7.2.3
Fortinet FortiSwitch FortiSwitch 6.0.x toutes versions
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.5
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.13
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.4
Fortinet N/A FortiTester 2.9.x toutes versions
Fortinet N/A FortiVoice versions 6.0.x antérieures à 6.0.12
Fortinet FortiADC FortiADC 6.1.x toutes versions
Fortinet FortiOS FortiOS versions 6.4.x antérieures à 6.4.13
Fortinet FortiPAM FortiPAM 1.0.x toutes versions
Fortinet N/A FortiTester 2.4.x toutes versions
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.12
Fortinet N/A FortiTester 4.0.x toutes versions
Fortinet N/A FortiTester 4.2.x toutes versions
Fortinet N/A FortiTester 3.1.x toutes versions
Fortinet N/A FortiNDR 1.5.x toutes versions
Fortinet FortiWeb FortiWeb 6.2.x toutes versions
Fortinet N/A FortiNDR 1.4.x toutes versions
Fortinet FortiRecorder FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet FortiPAM FortiPAM versions 1.1.x antérieures à 1.1.2
Fortinet N/A FortiTester 3.8.x toutes versions
Fortinet N/A FortiTester 3.6.x toutes versions
Fortinet FortiADC FortiADC versions 7.4.x antérieures à 7.4.1
Fortinet FortiSandbox FortiSandbox versions 4.4.x antérieures à 4.4.3
Fortinet N/A FortiTester 3.3.x toutes versions
Fortinet FortiMail FortiMail versions 7.0.x antérieures à 7.0.4
Fortinet N/A FortiTester 3.0.x toutes versions
Fortinet N/A FortiWLM versions 8.6.x antérieures à 8.6.6
Fortinet FortiSandbox FortiSandbox 4.2.x toutes versions
Fortinet N/A FortiTester 7.0.x toutes versions
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWeb versions 7.2.x ant\u00e9rieures \u00e0 7.2.6",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.0.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.11",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 7.0.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.2.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.2.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.6.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder 2.7.x toutes versions",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.1.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.0.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.0.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 3.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 7.0.x toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 7.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail 6.2.x toutes versions",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.3.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.7.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.4.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR versions 7.1.x ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch 6.0.x toutes versions",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.5",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.13",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.9.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoice versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 6.1.x toutes versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0.x toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 2.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 4.2.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.1.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.5.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb 6.2.x toutes versions",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNDR 1.4.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM versions 1.1.x ant\u00e9rieures \u00e0 1.1.2",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.8.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.6.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.4.x ant\u00e9rieures \u00e0 7.4.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 4.4.x ant\u00e9rieures \u00e0 4.4.3",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.3.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 3.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLM versions 8.6.x ant\u00e9rieures \u00e0 8.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox 4.2.x toutes versions",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiTester 7.0.x toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47536"
    },
    {
      "name": "CVE-2023-47539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47539"
    },
    {
      "name": "CVE-2023-40716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40716"
    },
    {
      "name": "CVE-2023-41678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41678"
    },
    {
      "name": "CVE-2023-46713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46713"
    },
    {
      "name": "CVE-2023-48782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48782"
    },
    {
      "name": "CVE-2023-41844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41844"
    },
    {
      "name": "CVE-2023-41673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41673"
    },
    {
      "name": "CVE-2022-27488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27488"
    },
    {
      "name": "CVE-2023-48791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48791"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2023-45587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45587"
    }
  ],
  "initial_release_date": "2023-12-13T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune injection de code indirecte \u00e0 distance (XSS), une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-138 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-138"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-270 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-270"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-214 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-196 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-360 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-360"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-439 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-439"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-425 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-425"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-038 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-256 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-256"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-345 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-345"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-432 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-432"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-450 du 12 d\u00e9cembre 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-450"
    }
  ]
}

CERTFR-2023-AVI-0199
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité, un déni de service à distance, une élévation de privilèges, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiManager FortiManager versions 6.0.x antérieures à 6.0.5
Fortinet FortiWeb FortiWeb versions 7.0.x antérieures à 7.0.3
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.5
Fortinet FortiRecorder FortiRecorder versions antérieures à 7.0.0
Fortinet FortiPortal FortiPortal versions 6.0.x antérieures à 6.0.10
Fortinet FortiWeb FortiWeb versions 6.4.x antérieures à 6.4.2
Fortinet FortiMail FortiMail versions 6.0.x antérieures à 6.0.10
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.11
Fortinet FortiAnalyzer FortiAnalyzer versions 6.0.x antérieures à 6.0.5
Fortinet FortiNAC FortiNAC versions 9.2.x antérieures à 9.2.7
Fortinet FortiOS FortiOS versions antérieures à 7.4.0
Fortinet FortiOS FortiOS versions 6.2.x antérieures à 6.2.13
Fortinet FortiWeb FortiWeb versions 6.3.x antérieures à 6.3.21
Fortinet FortiNAC FortiNAC versions 9.4.x antérieures à 9.4.2
Fortinet FortiAnalyzer FortiAnalyzer versions 6.2.x antérieures à 6.2.0
Fortinet FortiMail FortiMail versions 6.2.x antérieures à 6.2.5
Fortinet N/A FortiAuthenticator versions antérieures à 6.5.0
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet FortiRecorder FortiRecorder versions 6.4.x antérieures à 6.4.4
Fortinet FortiOS FortiOS-6K7K versions 6.2.x antérieures à 6.2.13
Fortinet FortiAnalyzer FortiAnalyzer versions 6.4.x antérieures à 6.4.11
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.9
Fortinet FortiMail FortiMail versions 6.4.x antérieures à 6.4.1
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.6
Fortinet FortiWeb FortiWeb versions antérieures à 7.2.0
Fortinet FortiOS FortiOS-6K7K versions 6.4.x antérieures à 6.4.12
Fortinet FortiOS FortiOS-6K7K versions 7.0.x antérieures à 7.0.10
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.3
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet FortiRecorder FortiRecorder versions 6.0.x antérieures à 6.0.12
Fortinet FortiNAC FortiNAC versions antérieures à 7.2.0
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 3.2.0
Fortinet FortiManager FortiManager versions antérieures à 6.2.0
Fortinet FortiSOAR FortiSOAR versions 7.3.x antérieures à 7.3.2
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.12
Fortinet FortiOS FortiOS versions 6.4.x antérieures à 6.4.12
Fortinet FortiNAC FortiNAC versions 9.1.x antérieures à 9.1.9
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.10
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiManager versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.4.x ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.0.x ant\u00e9rieures \u00e0 6.0.10",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 7.4.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.21",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.4.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.2.x ant\u00e9rieures \u00e0 6.2.5",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.4.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiMail versions 6.4.x ant\u00e9rieures \u00e0 6.4.1",
      "product": {
        "name": "FortiMail",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS-6K7K versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.3",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions 6.0.x ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.2.0",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.3.x ant\u00e9rieures \u00e0 7.3.2",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.12",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.1.x ant\u00e9rieures \u00e0 9.1.9",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.10",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29056"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-27490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27490"
    },
    {
      "name": "CVE-2022-41333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41333"
    },
    {
      "name": "CVE-2023-25611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25611"
    },
    {
      "name": "CVE-2022-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39953"
    },
    {
      "name": "CVE-2023-23776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23776"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2022-22297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22297"
    },
    {
      "name": "CVE-2022-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39951"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2022-40676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40676"
    },
    {
      "name": "CVE-2023-25605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25605"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    }
  ],
  "initial_release_date": "2023-03-08T00:00:00",
  "last_revision_date": "2023-03-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-08T00:00:00.000000"
    },
    {
      "description": "Correction mineure dans la partie r\u00e9sum\u00e9",
      "revision_date": "2023-03-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eFortinet\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une injection de\ncode indirecte \u00e0 distance (XSS), un contournement de la politique de\ns\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-078 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-078"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-447 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-447"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-488 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-488"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-369 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-477 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-477"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-254 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-254"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-388 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-388"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-401 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-050 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-050"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-281 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-281"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-001 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-218 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-232 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-18-232"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-309 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-309"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-364 du 07 mars 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-364"
    }
  ]
}

CERTFR-2023-AVI-0146
Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiWeb FortiWeb versions 5.x à 7.x antérieures à 7.0.5
Fortinet FortiGate FortiGate versions antérieures à 6.4.2
Fortinet FortiNAC FortiNAC-F versions antérieures à 7.2.0
Fortinet FortiPortal FortiPortal versions 7.0.x antérieures à 7.0.3
Fortinet FortiSwitchManager FortiSwitchManager versions 7.2.x antérieures à 7.2.1
Fortinet FortiOS FortiOS versions 6.0.x à 7.0.x antérieures à 7.0.9
Fortinet FortiADC FortiADC versions 5.x à 6.2.x antérieures à 6.2.4
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.5
Fortinet N/A FortiAuthenticator versions 6.1.x antérieures à 6.1.1
Fortinet N/A FortiExtender versions 3.3.x antérieures à 3.3.3
Fortinet N/A FortiExtender versions 5.3.x antérieures à 7.0.4
Fortinet FortiNAC FortiNAC versions 8.x à 9.4.x antérieures à 9.4.2
Fortinet FortiSandbox FortiSandbox versions 3.2.x à 4.x antérieures à 4.2.0
Fortinet FortiADC FortiADC versions 7.0.x antérieures à 7.0.2
Fortinet FortiProxy FortiProxy versions 7.2.x antérieures à 7.2.2
Fortinet FortiAnalyzer FortiAnalyzer versions 7.2.x antérieures à 7.2.2
Fortinet N/A FortiExtender versions 3.x antérieures à 3.2.4
Fortinet N/A FortiExtender versions 4.2.x antérieures à 4.2.5 (version à venir)
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.4
Fortinet FortiWAN FortiWAN versions 4.x antérieures à 4.5.10
Fortinet N/A FortiExtender versions 4.1.x antérieures à 4.1.9 (version à venir)
Fortinet FortiSwitch FortiSwitch versions 6.x antérieures à 6.4.11
Fortinet FortiADC FortiADC 5.1 all versions
Fortinet FortiADC FortiADC 5.0 all versions
Fortinet N/A FortiExtender versions 4.0.x antérieures à 4.0.3 (version à venir)
Fortinet FortiAnalyzer FortiAnalyzer versions 6.x antérieures à 6.4.9
Fortinet FortiProxy FortiProxy versions 1.x à 7.0.x antérieures à 7.0.8
Fortinet FortiOS FortiOS versions 7.2.x antérieures à 7.2.4
Fortinet N/A FortiAuthenticator versions 5.x à 6.0.x antérieures à 6.0.5
Fortinet FortiSwitchManager FortiSwitchManager versions 7.0.x antérieures à 7.0.1
References
Bulletin de sécurité Fortinet FG-IR-22-166 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-460 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-046 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-280 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-273 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-251 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-312 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-014 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-362 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-300 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-214 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-391 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-164 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-430 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-146 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-131 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-157 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-265 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-234 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-118 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-348 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-187 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-20-220 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-260 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-167 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-151 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-346 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-111 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-080 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-133 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-304 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-329 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-142 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-163 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-048 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-186 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-257 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-21-126 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet FG-IR-22-136 du 16 février 2023 None vendor-advisory
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other
Bulletin de sécurité Fortinet du 16 février 2023 - other

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiWeb versions 5.x \u00e0 7.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 6.4.2",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC-F versions ant\u00e9rieures \u00e0 7.2.0",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.0.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.x \u00e0 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.5",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 5.3.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 8.x \u00e0 9.4.x ant\u00e9rieures \u00e0 9.4.2",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSandbox versions 3.2.x \u00e0 4.x ant\u00e9rieures \u00e0 4.2.0",
      "product": {
        "name": "FortiSandbox",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 3.x ant\u00e9rieures \u00e0 3.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 4.2.x ant\u00e9rieures \u00e0 4.2.5 (version \u00e0 venir)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWAN versions 4.x ant\u00e9rieures \u00e0 4.5.10",
      "product": {
        "name": "FortiWAN",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 4.1.x ant\u00e9rieures \u00e0 4.1.9 (version \u00e0 venir)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.x ant\u00e9rieures \u00e0 6.4.11",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 5.1 all versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC 5.0 all versions",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiExtender versions 4.0.x ant\u00e9rieures \u00e0 4.0.3 (version \u00e0 venir)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 1.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions 5.x \u00e0 6.0.x ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-30304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30304"
    },
    {
      "name": "CVE-2021-42756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42756"
    },
    {
      "name": "CVE-2023-23780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23780"
    },
    {
      "name": "CVE-2022-40678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40678"
    },
    {
      "name": "CVE-2022-40677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40677"
    },
    {
      "name": "CVE-2022-33869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33869"
    },
    {
      "name": "CVE-2022-30303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30303"
    },
    {
      "name": "CVE-2022-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26115"
    },
    {
      "name": "CVE-2023-22638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22638"
    },
    {
      "name": "CVE-2022-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42472"
    },
    {
      "name": "CVE-2022-39948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
    },
    {
      "name": "CVE-2022-41335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41335"
    },
    {
      "name": "CVE-2022-38378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38378"
    },
    {
      "name": "CVE-2022-30306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30306"
    },
    {
      "name": "CVE-2023-23782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23782"
    },
    {
      "name": "CVE-2021-43074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43074"
    },
    {
      "name": "CVE-2023-23778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23778"
    },
    {
      "name": "CVE-2023-25602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25602"
    },
    {
      "name": "CVE-2022-22302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22302"
    },
    {
      "name": "CVE-2022-27489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27489"
    },
    {
      "name": "CVE-2022-43954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43954"
    },
    {
      "name": "CVE-2022-30299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30299"
    },
    {
      "name": "CVE-2022-30300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30300"
    },
    {
      "name": "CVE-2022-38375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38375"
    },
    {
      "name": "CVE-2022-29054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29054"
    },
    {
      "name": "CVE-2022-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33871"
    },
    {
      "name": "CVE-2022-39952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39952"
    },
    {
      "name": "CVE-2023-22636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22636"
    },
    {
      "name": "CVE-2022-40683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40683"
    },
    {
      "name": "CVE-2023-23777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23777"
    },
    {
      "name": "CVE-2023-23779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23779"
    },
    {
      "name": "CVE-2023-23784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23784"
    },
    {
      "name": "CVE-2022-38376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38376"
    },
    {
      "name": "CVE-2021-42761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42761"
    },
    {
      "name": "CVE-2022-39954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39954"
    },
    {
      "name": "CVE-2022-40675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40675"
    },
    {
      "name": "CVE-2023-23783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23783"
    },
    {
      "name": "CVE-2022-27482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27482"
    },
    {
      "name": "CVE-2023-23781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23781"
    }
  ],
  "initial_release_date": "2023-02-17T00:00:00",
  "last_revision_date": "2023-02-17T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-273"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-329"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-157"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-080"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-133"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-166"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-187"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-167"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-111"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-430"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-260"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-280"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-300"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-460"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-304"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-046"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-362"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-164"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-126"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-346"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-151"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-391"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-220"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-214"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-118"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-312"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-131"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-163"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-234"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-186"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-014"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-224"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-048"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-257"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-251"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-348"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-265"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-136"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-146"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet du 16 f\u00e9vrier 2023",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-142"
    }
  ],
  "reference": "CERTFR-2023-AVI-0146",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Fortinet\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-166 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-460 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-046 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-280 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-273 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-251 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-312 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-014 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-362 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-300 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-214 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-391 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-164 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-430 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-146 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-131 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-157 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-265 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-234 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-118 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-348 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-187 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-220 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-260 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-167 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-151 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-346 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-111 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-080 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-133 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-304 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-329 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-142 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-163 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-048 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-186 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-257 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-126 du 16 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-136 du 16 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-613
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiOS FortiOS versions 6.x antérieures à 6.2.11
Fortinet FortiEDR Central Manager FortiEDR Central Manager versions 5.1.x antérieures à 5.2.0
Fortinet FortiManager FortiManager versions 7.0.x antérieures à 7.0.4
Fortinet FortiSwitch FortiSwitch versions 7.0.x antérieures à 7.0.3
Fortinet FortiNAC FortiNAC versions antérieures à 9.1.6
Fortinet FortiManager FortiManager versions 6.x antérieures à 6.4.8
Fortinet FortiEDR Central Manager FortiEDR Central Manager version 5.1.0
Fortinet N/A FortiClientWindows versions 7.0.x antérieures à 7.0.3
Fortinet FortiRecorder FortiRecorder versions antérieures à 6.0.11
Fortinet FortiEDR Central Manager FortiEDR Central Manager versions 5.0.x antérieures à 5.0.3 Patch 7
Fortinet FortiProxy FortiProxy versions 7.0.x antérieures à 7.0.1
Fortinet FortiRecorder FortiRecorder versions antérieures à 6.4.3
Fortinet FortiADC FortiADC versions 7.0.x antérieures à 7.0.2
Fortinet FortiADC FortiADC versions antérieures à 6.2.3
Fortinet FortiOS FortiOS versions 7.0.x antérieures à 7.0.6
Fortinet FortiAnalyzer FortiAnalyzer versions 7.0.x antérieures à 7.0.4
Fortinet N/A FortiVoiceEnterprise versions 6.4.x antérieures à 6.4.4
Fortinet FortiDeceptor FortiDeceptor versions antérieures à 3.3.3
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.4.10
Fortinet N/A FortiClientWindows versions 6.x antérieures à 6.4.7
Fortinet FortiOS FortiOS versions 6.4.x antérieures à 6.4.9
Fortinet N/A FortiVoiceEnterprise versions antérieures à 6.0.11
Fortinet FortiNAC FortiNAC versions 9.2.x antérieures à 9.2.4
Fortinet FortiProxy FortiProxy versions antérieures à 2.0.9
Fortinet FortiDeceptor FortiDeceptor versions 4.0.x antérieures à 4.0.2
Fortinet FortiGate FortiGate versions antérieures à 7.0.6
Fortinet FortiAnalyzer FortiAnalyzer versions 6.x antérieures à 6.4.8
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.11",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.1.x ant\u00e9rieures \u00e0 5.2.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions ant\u00e9rieures \u00e0 9.1.6",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager version 5.1.0",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 7.0.x ant\u00e9rieures \u00e0 7.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiEDR Central Manager versions 5.0.x ant\u00e9rieures \u00e0 5.0.3 Patch 7",
      "product": {
        "name": "FortiEDR Central Manager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiRecorder versions ant\u00e9rieures \u00e0 6.4.3",
      "product": {
        "name": "FortiRecorder",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 7.0.x ant\u00e9rieures \u00e0 7.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions 6.4.x ant\u00e9rieures \u00e0 6.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions ant\u00e9rieures \u00e0 3.3.3",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.10",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows versions 6.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiVoiceEnterprise versions ant\u00e9rieures \u00e0 6.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiNAC versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "FortiNAC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 2.0.9",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiDeceptor versions 4.0.x ant\u00e9rieures \u00e0 4.0.2",
      "product": {
        "name": "FortiDeceptor",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.x ant\u00e9rieures \u00e0 6.4.8",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42755"
    },
    {
      "name": "CVE-2021-44170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44170"
    },
    {
      "name": "CVE-2021-43072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43072"
    },
    {
      "name": "CVE-2022-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26117"
    },
    {
      "name": "CVE-2022-30302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30302"
    },
    {
      "name": "CVE-2022-29057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29057"
    },
    {
      "name": "CVE-2022-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26118"
    },
    {
      "name": "CVE-2022-27483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27483"
    },
    {
      "name": "CVE-2021-41031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41031"
    },
    {
      "name": "CVE-2022-26120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26120"
    },
    {
      "name": "CVE-2022-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23438"
    }
  ],
  "initial_release_date": "2022-07-06T00:00:00",
  "last_revision_date": "2022-07-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-613",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-155 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-155"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-051 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-051"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-057 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-057"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-056 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-056"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-213 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-213"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-190 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-190"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-179 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-179"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-058 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-049 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-049"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-22-077 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-22-077"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-206 du 05 juillet 2022",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-206"
    }
  ]
}

CERTFR-2021-AVI-419
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiProxy FortiProxy versions 2.0.x antérieures à 2.0.2
Fortinet FortiSwitch FortiSwitch versions 6.4.x antérieures à 6.4.7
Fortinet FortiSwitch FortiSwitch versions 6.2.x antérieures à 6.2.7
Fortinet FortiWeb FortiWeb versions 6.2.x antérieures à 6.2.4
Fortinet FortiGate FortiGate versions 5.6.x antérieures à 6.0.13
Fortinet FortiSwitch FortiSwitch toutes versions antérieures à 6.0.x et 3.6.x
Fortinet FortiGate FortiGate versions 6.4.0 à 6.4.4 antérieures à 6.4.5
Fortinet FortiWeb FortiWeb versions 6.3.x antérieures à 6.3.8
Fortinet N/A FortiAuthenticator versions antérieures à 6.3.0
Fortinet FortiWeb FortiWeb toutes versions antérieures à 6.1.x, 6.0.x, 5.9.x
Fortinet FortiADC FortiADC versions 6.0.x antérieures à 6.0.2
Fortinet FortiGate FortiGate versions 6.4.5 antérieures à 7.0.0
Fortinet N/A FortiWLC versions 8.5.x antérieures à 8.5.4
Fortinet FortiADC FortiADC versions 6.1.x antérieures à 6.1.1
Fortinet FortiOS FortiOS versions antérieures à 6.0.3
Fortinet FortiGate FortiGate versions 5.6.x, 6.0.x et 6.2.x antérieures à 7.0.0
Fortinet FortiADC FortiADC versions 5.4.x antérieures à 5.4.5
Fortinet FortiProxy FortiProxy versions 1.2.9, 1.1.x, 1.0.x antérieures à 1.2.10
Fortinet FortiGate FortiGate versions 6.2.x antérieures à 6.4.6
Fortinet FortiGate FortiGate versions 6.0.x antérieures à 6.2.8
Fortinet N/A FortiWLC versions 8.6.x antérieures à 8.6.1
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.2",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.4.x ant\u00e9rieures \u00e0 6.4.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 6.2.x ant\u00e9rieures \u00e0 6.2.7",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.2.x ant\u00e9rieures \u00e0 6.2.4",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 5.6.x ant\u00e9rieures \u00e0 6.0.13",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch toutes versions ant\u00e9rieures \u00e0 6.0.x et 3.6.x",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 6.4.0 \u00e0 6.4.4 ant\u00e9rieures \u00e0 6.4.5",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb versions 6.3.x ant\u00e9rieures \u00e0 6.3.8",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAuthenticator versions ant\u00e9rieures \u00e0 6.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWeb toutes versions ant\u00e9rieures \u00e0 6.1.x, 6.0.x, 5.9.x",
      "product": {
        "name": "FortiWeb",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.0.x ant\u00e9rieures \u00e0 6.0.2",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 6.4.5 ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.5.x ant\u00e9rieures \u00e0 8.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 6.1.x ant\u00e9rieures \u00e0 6.1.1",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.0.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 5.6.x, 6.0.x et 6.2.x ant\u00e9rieures \u00e0 7.0.0",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiADC versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
      "product": {
        "name": "FortiADC",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions 1.2.9, 1.1.x, 1.0.x ant\u00e9rieures \u00e0 1.2.10",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 6.2.x ant\u00e9rieures \u00e0 6.4.6",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiGate versions 6.0.x ant\u00e9rieures \u00e0 6.2.8",
      "product": {
        "name": "FortiGate",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiWLC versions 8.6.x ant\u00e9rieures \u00e0 8.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26094"
    },
    {
      "name": "CVE-2021-26092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26092"
    },
    {
      "name": "CVE-2021-26087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26087"
    },
    {
      "name": "CVE-2021-26111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26111"
    },
    {
      "name": "CVE-2021-24012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-24012"
    },
    {
      "name": "CVE-2021-26093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26093"
    },
    {
      "name": "CVE-2018-13382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13382"
    },
    {
      "name": "CVE-2018-13374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13374"
    },
    {
      "name": "CVE-2021-22123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22123"
    },
    {
      "name": "CVE-2021-22130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22130"
    }
  ],
  "initial_release_date": "2021-06-02T00:00:00",
  "last_revision_date": "2021-06-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-071 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-071"
    }
  ],
  "reference": "CERTFR-2021-AVI-419",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-06-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-002 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-002"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-049 du 30 mai 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-049"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-231 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-231"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-006 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-006"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-157 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-18-157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-001 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-001"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-233 du 30 mai 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-233"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-147 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-018 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-018"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-137 du 28 mai 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-120 du 28 mai 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-120"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-20-199 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-20-199"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-21-026 du 01 juin 2021",
      "url": "https://www.fortiguard.com/psirt/FG-IR-21-026"
    }
  ]
}

CERTFR-2020-AVI-231
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet FortiSwitch. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiSwitch FortiSwitch versions antérieures à 6.4.0
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 6.4.0",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-9506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9506"
    }
  ],
  "initial_release_date": "2020-04-20T00:00:00",
  "last_revision_date": "2020-04-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-231",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiSwitch. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet FortiSwitch",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-224 du 17 avril 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-224"
    }
  ]
}

CERTFR-2020-AVI-068
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 6.2.3
Fortinet FortiManager FortiManager versions antérieures à 6.2.3
Fortinet FortiOS FortiOS versions antérieures à 6.2.3
Fortinet FortiSwitch FortiSwitch versions antérieures à 3.6.11, 6.0.6 ou 6.2.2
Fortinet N/A FortiAP-S/W2 versions antérieures à 6.2.2
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 6.2.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 3.6.11, 6.0.6 ou 6.2.2",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S/W2 versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-17657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17657"
    },
    {
      "name": "CVE-2007-6750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
    }
  ],
  "initial_release_date": "2020-02-04T00:00:00",
  "last_revision_date": "2020-02-04T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-068",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-013 du 03 f\u00e9vrier 2020",
      "url": "https://fortiguard.com/psirt/FG-IR-19-013"
    }
  ]
}

CERTFR-2019-AVI-597
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiSwitch FortiSwitch
Fortinet N/A FortiAP versions 6.2.x antérieures à 6.2.1
Fortinet N/A FortiAP versions 6.0.x antérieures à 6.0.6
Fortinet FortiAnalyzer FortiAnalyzer versions 6.0.x antérieures à 6.0.7
Fortinet FortiAnalyzer FortiAnalyzer versions 6.2.x antérieures à 6.2.1
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSwitch",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 6.0.x ant\u00e9rieures \u00e0 6.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    }
  ],
  "initial_release_date": "2019-11-29T00:00:00",
  "last_revision_date": "2019-11-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-597",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-180 du 29 November 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-180"
    }
  ]
}

CERTFR-2019-AVI-358
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiOS FortiOS versions antérieures à 5.6.1
Fortinet N/A FortiAP versions antérieures à 5.4.4
Fortinet FortiOS FortiOS toutes versions lorsque l'horodatage TCP est activé ou lorsque le trafic HTTP non standard est autorisé
Fortinet N/A FortiAP versions 5.6.x antérieures à 5.6.1
Fortinet FortiManager FortiManager VM versions antérieures à 6.2.1
Fortinet FortiOS FortiOS VM versions antérieures à 6.2.0
Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 5.4.3
Fortinet FortiOS FortiOS VM versions antérieures à 6.0.5
Fortinet FortiSwitch FortiSwitch versions antérieures à 3.6.3
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions ant\u00e9rieures \u00e0 5.6.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 5.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS toutes versions lorsque l\u0027horodatage TCP est activ\u00e9 ou lorsque le trafic HTTP non standard est autoris\u00e9",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 5.6.x ant\u00e9rieures \u00e0 5.6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiManager VM versions ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "FortiManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS VM versions ant\u00e9rieures \u00e0 6.2.0",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 5.4.3",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS VM versions ant\u00e9rieures \u00e0 6.0.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures \u00e0 3.6.3",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-5587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5587"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2019-6695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6695"
    }
  ],
  "initial_release_date": "2019-07-25T00:00:00",
  "last_revision_date": "2019-07-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-358",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-111 du 24 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-111"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-16-090 du 24 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-16-090"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-118 du 24 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-17-118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-19-017 du 24 juillet 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-19-017"
    }
  ]
}

CERTFR-2019-AVI-163
Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet FortiSwitch FortiSwitch versions 6.0.0 à 6.0.1
Fortinet N/A FortiAP-S versions FAP_S221E et FAP_S223E
Fortinet N/A FortiAP-W2 versions FAP_221E (Gen1/Gen2), FAP_222E et FAP_223E (Gen1/Gen2)
Fortinet FortiSwitch FortiSwitch versions 3.6.8 et antérieures
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiSwitch versions 6.0.0 \u00e0 6.0.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-S versions FAP_S221E et FAP_S223E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP-W2 versions FAP_221E (Gen1/Gen2), FAP_222E et FAP_223E (Gen1/Gen2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions 3.6.8 et ant\u00e9rieures",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16986"
    },
    {
      "name": "CVE-2015-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
    },
    {
      "name": "CVE-2012-6708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6708"
    }
  ],
  "initial_release_date": "2019-04-11T00:00:00",
  "last_revision_date": "2019-04-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-163",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-013 du 10 avril 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-18-013"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-18-356 du 10 avril 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-18-356"
    }
  ]
}

CERTFR-2019-AVI-049
Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Fortinet. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Fortinet N/A FortiAP versions antérieures à 5.4.4, versions 5.6.0 à 5.6.4, version 6.0.0
Fortinet FortiSwitch FortiSwitch versions antérieures 3.6.7, versions 6.0.0 et 6.0.1
Fortinet FortiOS FortiOS SSL VPN Web Portal versions antérieures à 5.2.9, versions 5.4.0 et 5.4.1
Fortinet FortiOS FortiOS VIP, WANOpt, VoIP versions antérieures à 5.4.4
Fortinet FortiAnalyzer FortiAnalyzer versions antérieures à 5.2.9, versions 5.4.0 et 5.4.1, versions postérieures à 5.4.6 pour le branche 5.4, version 6.0.2
Fortinet FortiOS FortiOS webfilter override et authentication service versions antérieures à 5.4.8, versions 5.6.0 à 5.6.3
Fortinet FortiOS FortiOS Web adminUI versions antérieures à 5.0.5
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiAP versions ant\u00e9rieures \u00e0 5.4.4, versions 5.6.0 \u00e0 5.6.4, version 6.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitch versions ant\u00e9rieures 3.6.7, versions 6.0.0 et 6.0.1",
      "product": {
        "name": "FortiSwitch",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS SSL VPN Web Portal versions ant\u00e9rieures \u00e0 5.2.9, versions 5.4.0 et 5.4.1",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS VIP, WANOpt, VoIP versions ant\u00e9rieures \u00e0 5.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions ant\u00e9rieures \u00e0 5.2.9, versions 5.4.0 et 5.4.1, versions post\u00e9rieures \u00e0 5.4.6 pour le branche 5.4, version 6.0.2",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS webfilter override et authentication service versions ant\u00e9rieures \u00e0 5.4.8, versions 5.6.0 \u00e0 5.6.3",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS Web adminUI versions ant\u00e9rieures \u00e0 5.0.5",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    }
  ],
  "initial_release_date": "2019-02-08T00:00:00",
  "last_revision_date": "2019-02-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-049",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet. Elle permet \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FG-IR-17-173 du 7 f\u00e9vrier 2019",
      "url": "https://fortiguard.com/psirt/FG-IR-17-173"
    }
  ]
}