Fortinet has released a security update to fix multiple vulnerabilities in Fortinet products, addressing CVE-2024-23666, CVE-2023-50176, CVE-2024-36513, and CVE-2024-47574, which are actively exploited.

Affected Systems:

• FortiAnalyzer
• FortiManager
• FortiAnalyzer-BigData
• FortiOS
• FortiProxy
• FortiPAM
• FortiPortal
• FortiSwitchManager

Security Risks

The successful exploitation of vulnerabilities in Fortinet software poses a significant security risk, enabling cyber threat actors to gain unauthorized control over affected systems.

For detailed information and instructions, please refer to the official Fortinet Security Advisories.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow Fortinet Security Advisories to lower the risk of potential exploits, protect systems, and ensure their security.
• Apply the required and latest security updates as soon as possible. The released software versions for upgrade include, but are not limited to:
  • FortiAnalyzer: Upgrade to version 7.4.3 or above.
  • FortiOS: Upgrade to  version 7.4.4 or above
  • FortiAnalyzer-BigData: Upgrade to version 7.4.1 or above
  • FortiClientWindows: Upgrade to version  7.2.5 or above
  • FortiManager: Upgrade to version  7.4.3 or above
• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://fortiguard.fortinet.com/psirt
• https://www.fortiguard.com/psirt/FG-IR-23-396
• https://www.fortiguard.com/psirt/FG-IR-23-475
• https://www.fortiguard.com/psirt/FG-IR-24-144