Fortinet has released a security update addressing multiple vulnerabilities in its products. These vulnerabilities affect several Fortinet products, including FortiOS and FortiSandbox.

Affected Systems:

The affected systems and versions are:

• FortiOS: 7.6.0 - 7.6.4, 7.4.0 - 7.4.9, 7.2.0 - 7.2.11, 6.4.3 - 6.4.16

• FortiSandbox: 5.0.0 - 5.0.1, 4.4.0 - 4.4.7, 4.2 (all versions), 4.0 (all versions)

Security Risks

Successful exploitation of the vulnerabilities in Fortinet software could allow unauthorized individuals to gain access to and control of affected systems.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends that system administrators:

• Follow Fortinet Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

The released software versions for upgrade are:

• FortiOS: Upgrade to 7.6.5 or above, 7.4.10 or above, migrate to a fixed release for 7.2.0 - 7.2.11, Migrate to a fixed release for 6.4.3 - 6.4.16

• FortiSandbox: Upgrade to 5.0.2 or above, 4.4.8 or above, migrate to a fixed release for all versions of 4.2 and 4.0

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

References

• https://www.fortiguard.com/psirt