Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including but not limited to FortiOS, FortiAnalyzer, FortiProxy, FortiWeb, and FortiSwitch.

Affected Systems:

The affected systems and versions include, but are not limited to:

• FortiOS: 7.4.0 - 7.4.4, 7.2.0 - 7.2.8, 7.0.0 - 7.0.15, 6.4 (all versions). 

• FortiAnalyzer: 7.6.0 – 7.6.1, 7.4.0 - 7.4.5, 7.2.0 - 7.2.8,7.0.0 - 7.0.13.

• FortiProxy: 7.4.0 - 7.4.2, 7.2.0 - 7.2.9, 7.0.0 - 7.0.15.

• FortiWeb: 7.4.0 - 7.4.2.

• FortiSwitch: 7.6.0, 7.4.0 - 7.4.4, 7.2.0 - 7.2.8, 7.0.0 - 7.0.10, and 6.4.0 - 6.4.14.    

Security Risks

The successful exploitation of vulnerabilities in Fortinet software poses a significant security risk, allowing cybercriminals to escalate privileges, execute arbitrary code, and disrupt or compromise the affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

• FortiOS: 7.4.5 or later, 7.2.9 or later, 7.0.16 or later, or migrate to a fixed release for 6.4.

• FortiAnalyzer: 7.6.2 or later, 7.4.6 or later, 7.2.9 or later, 7.0.14 or later.

• FortiProxy: 7.4.3 or later, 7.2.10 or later, 7.0.16 or later

• FortiWeb:  7.4.3 or later.

• FortiSwitch: 7.6.1 or later, 7.4.5 or later, 7.2.9 or later, 7.0.11 or later, or 6.4.15 or later.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://www.fortiguard.com/psirt