Fortinet has released security updates to address vulnerabilities in multiple products, including but not limited to FortiOS and FortiProxy.

Affected Systems

• FortiClientMac

• FortiOS & FortiProxy

• FortiClient Linux

Security Risks

Successful exploitation of vulnerabilities in FortiOS and FortiProxy software is a significant security risk, allowing cyber threat actors to gain unauthorized control over affected systems.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow Fortinet Security Advisories to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible. The released software versions for upgrade include:

1. FortiClientMac:

• FortiClientMac 7.2.0 through 7.2.3         Upgrade to 7.2.4 or above

• FortiClientMac 7.0.6 through 7.0.10       Upgrade to 7.0.11 or above

2. FortiOS & FortiProxy

• FortiOS 7.0.0 through 7.0.12                  Upgrade to 7.0.13 or above

• FortiOS 6.2.0 through 6.2.15                  Upgrade to 6.2.16 or above

• FortiOS 6.0 all versions                          Migrate to a fixed release

• FortiProxy 7.0.0 through 7.0.13             Upgrade to 7.0.14 or above

• FortiProxy versions 2.0, 1.2, 1.1, and 1.0 (all versions) require migration to a fixed release.

3. FortiClient Linux

• FortiClientLinux 7.2.0                            Upgrade to 7.2.1 or above

• FortiClientLinux 7.0.6 through 7.0.10     Upgrade to 7.0.11 or above

• FortiClientLinux 7.0.3 through 7.0.4       Upgrade to 7.0.11 or above

Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://www.fortiguard.com/psirt