Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including FortiOS, FortiSandbox, FortiProxy, FortiWeb, among others.

Affected Systems:

The affected systems and versions include, but are not limited to:

• FortiOS versions: 7.6.0 - 7.6.4, 7.4.0 - 7.4.9, 7.2.0 - 7.2.11, 7.0.0 - 7.0.17

• FortiSandbox versions: 4.4.0 - 4.4.8 and 5.0.0 - 5.0.5

• FortiProxy versions: 7.6.0 - 7.6.4, 7.4.0 - 7.4.11, 7.2.0 - 7.2.12, 7.0.0 - 7.0.21

• FortiWeb versions: 8.0.0, 7.6.0 - 7.6.4, 7.4.0 - 7.4.9

Security Risks

The successful exploitation of these vulnerabilities could allow remote attackers to execute arbitrary code in certain cases, gain unauthorized access, or compromise affected systems.

For the full list of security updates released by Fortinet, please refer to Fortinet Security Advisories (PSIRT).

Recommended Actions

The National Cyber Security Authority (NCSA) recommends that users and system administrators take the following actions:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

The recommended upgrade versions include, but are not limited to the following:

• FortiOS: Upgrade to version 7.6.5 or above, 7.4.10 or above, 7.2.12 or above, 7.0.18 or above.

• FortiSandbox: Upgrade to version 4.4.9 or above, 5.0.6 or above

• FortiProxy: Upgrade to version 7.6.5 or above, 7.4.12 or above, 7.2.13 or above, 7.0.22 or above.

• FortiWeb: Upgrade to version 8.0.1 or above, 7.6.5 or above, 7.4.10 or above

2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://www.fortiguard.com/psirt