Fortinet has released security updates to address vulnerabilities in its products, including FortiOS and FortiSandbox.

Affected Systems:

• FortiOS:  Versions 7.4.0 – 7.4.4, 7.2.0 – 7.2.11

• FortiSandbox: Version 5.0.0, 4.4.0 – 4.4.6, 4.2.0 – 4.2.7, 4.0.0 – 4.0.5, 3.2, 3.1, 3.0 (all releases)

Security Risks

Successful exploitation of the vulnerabilities in Fortinet software could allow unauthorized individuals to gain access to and control of affected systems.

For a complete list of the security patches released by Fortinet, please refer to the official Fortinet security advisory.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

1. Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

2. Apply the required and latest security updates as soon as possible.

           The released software versions for upgrade include, but are not limited to:

FortiOS:

• Versions 7.4.0 – 7.4.4: Upgrade to 7.4.5 or later  

• Versions 7.2.0 – 7.2.11: Upgrade to 7.2.12 or later

FortiSandbox:

• Version 5.0.0: Upgrade to 5.0.1 or later

• Versions 4.4.0 – 4.4.6: Upgrade to 4.4.7 or later

• Versions 4.2.0 – 4.2.7: Upgrade to 4.2.8 or later

• Versions 4.0.0 – 4.0.5: Upgrade to 4.0.6 or later

• Versions 3.2, 3.1, and 3.0 (all releases): Migrate to a fixed supported release

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://www.fortiguard.com/psirt