Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including but not limited to FortiOS, FortiAnalyzer, FortiManager, FortiProxy, and FortiWeb.

Affected Systems:

The affected systems and versions include, but are not limited to:

• FortiOS: 7.6.0, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, 7.0 (all versions), 6.4 (all versions).  

• FortiAnalyzer: 7.6.0, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 (all versions).

• FortiManager: 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 (all versions).  

• FortiProxy: 7.4.0 through 7.4.5, 7.2 (all versions), 7.0 (all versions).

• FortiWeb: 7.6.0, 7.4.0 through 7.4.4, 7.2 (all versions), 7.0 (all versions).

Security Risks

The successful exploitation of vulnerabilities in Fortinet software poses a significant security risk, allowing cybercriminals to escalate privileges, execute arbitrary code, and disrupt or compromise the affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow Fortinet Security Advisory FG-IR-24-255 to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

The released software versions for upgrade include, but are not limited to:

• FortiOS: Upgrade to 7.6.1 or higher.

• FortiAnalyzer: Upgrade to 7.6.2 or higher.

• FortiManager: Upgrade to 7.6.2 or higher.

• FortiProxy: Upgrade to 7.4.6 or higher.

• FortiWeb: Upgrade to 7.6.1 or higher.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://www.fortiguard.com/psirt