Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including but not limited to FortiOS, FortiManager and FortiProxy.

Affected Systems:

The affected systems and versions include, but are not limited to:

• FortiOS: 7.6.0-7.6.2, 7.4.0 - 7.4.7, 7.2.0 - 7.2.10, 7.0.0 - 7.0.12, 6.4.0 - 6.4.15, 6.2.0 – 6.2.16, 6.0(all versions).

• FortiManager: 7.6.0 - 7.6.1, 7.4.0 - 7.4.5, 7.2.0 - 7.2.9, 7.0.0 – 7.0.13, 6.4(all versions), 6.2(all versions).

• FortiProxy: 7.6.0-7.6.2, 7.4.0 - 7.4.3, 7.2.0 - 7.2.8, 7.0.0 - 7.0.15, 2.0 (all versions).

Security Risks

Successful exploitation of the vulnerabilities in Fortinet software could allow unauthorized individuals to gain access to and control of affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

• FortiOS: Upgrade to 7.6.3 or above, 7.4.8 or above, 7.2.11 or above, 7.0.13 or above, 6.4.16 or above, 6.2.17 or above, Migrate to a fixed release for all versions of 6.0.

• FortiManager: Upgrade to 7.6.2 or above, 7.4.6 or above, 7.2.10 or above, 7.0.14 or above, Migrate to a fixed release for all versions of 6.4 and 6.2.

• FortiProxy: Upgrade to 7.6.3 or above, 7.4.4 or above, 7.2.9 or above, 7.0.16 or above, Migrate to a fixed release for all versions of 2.0.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.
 

References

• https://www.fortiguard.com/psirt