Wednesday, 15 January 2025

Fortinet Products Multiple Vulnerabilities

Release Date: 15 Jan 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, security restriction bypass, data manipulation, denial of service and spoofing on the targeted system.

 

Note: 

CVE-2024-55591 is being exploited in the wild. Successful exploitation allows remote attackers to gain super-admin privileges by making malicious requests to the Node.js websocket module.

 


Impact

  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Spoofing
  • Denial of Service

System / Technologies affected

FortiAnalyzer

  • FortiAnalyzer 6.0 all versions
  • FortiAnalyzer 6.2 all versions
  • FortiAnalyzer 6.4 all versions
  • FortiAnalyzer 7.0 all versions
  • FortiAnalyzer 7.2.0 through 7.2.5
  • FortiAnalyzer 7.4.0 through 7.4.3
  • FortiAnalyzer 7.6.0 through 7.6.1
  • FortiAnalyzer Cloud 7.4.1 through 7.4.3

FortiAP

  • FortiAP 6.4 all versions
  • FortiAP 7.0 all versions
  • FortiAP 7.2.0 through 7.2.3
  • FortiAP 7.4.0 through 7.4.2
  • FortiAP-S 6.2 all versions
  • FortiAP-S 6.4.0 through 6.4.9
  • FortiAP-W2 6.4 all versions
  • FortiAP-W2 7.0 all versions
  • FortiAP-W2 7.2.0 through 7.2.3
  • FortiAP-W2 7.4.0 through 7.4.2

FortiManager

  • FortiManager 6.0 all versions
  • FortiManager 6.2 all versions
  • FortiManager 6.4 all versions
  • FortiManager 7.0 all versions
  • FortiManager 7.2.0 through 7.2.8
  • FortiManager 7.4.0 through 7.4.5
  • FortiManager 7.6.0 through 7.6.1
  • FortiManager Cloud 7.0.1 through 7.0.12
  • FortiManager Cloud 7.2.1 through 7.2.7
  • FortiManager Cloud 7.4.0 through 7.4.4
  • FortiManager Cloud 7.6.0 through 7.6.1

FortiOS

  • FortiOS 6.2 all versions
  • FortiOS 6.4 all versions
  • FortiOS 7.0 all versions
  • FortiOS 7.2 all versions
  • FortiOS 7.4.0 through 7.4.4
  • FortiOS 7.6.0

FortiProxy

  • FortiProxy 1.0 all versions
  • FortiProxy 1.1 all versions
  • FortiProxy 1.2 all versions
  • FortiProxy 2.0 all versions
  • FortiProxy 7.0.0 through 7.0.19
  • FortiProxy 7.2.0 through 7.2.12
  • FortiProxy 7.4.0 through 7.4.5

FortiClientWindows

  • FortiClientWindows 6.4 all versions
  • FortiClientWindows 7.0 all versions
  • FortiClientWindows 7.2 all versions
  • FortiClientWindows 7.4.0

FortiClientEMS

  • FortiClientEMS 6.2 all versions
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS 7.0.0 through 7.0.10
  • FortiClientEMS 7.2.0 through 7.2.3

FortiWeb

  • FortiWeb 6.4 all versions
  • FortiWeb 7.0 all versions
  • FortiWeb 7.2 all versions
  • FortiWeb 7.4.0 through 7.4.4
  • FortiWeb 7.6.0

Solutions

Before installing the software, visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link
