Multiple Vulnerabilities Discovered in Fortinet Products

CERT-FR has issued a warning (CERTFR-2023-AVI-0973) regarding numerous vulnerabilities in Fortinet products, exposing systems to remote code execution, denial-of-service attacks, security policy circumvention, data integrity breaches, confidentiality compromise, and privilege escalation.

Affected Systems:

  • FortiOS versions 7.4.x (prior to 7.4.1)
  • FortiOS versions 7.2.x (prior to 7.2.6)
  • FortiOS versions earlier than 7.0.13
  • Various other Fortinet products (see full list in the advisory)

Summary: These vulnerabilities, identified in Fortinet’s security bulletins (FG-IR-23-385, FG-IR-23-143, FG-IR-23-142, FG-IR-23-265, FG-IR-23-061, FG-IR-23-290, FG-IR-23-135, FG-IR-22-396, FG-IR-23-151, FG-IR-23-177, FG-IR-23-203, FG-IR-23-287, FG-IR-23-306, FG-IR-23-108, FG-IR-23-274, FG-IR-22-299, FG-IR-22-292, FG-IR-22-518, FG-IR-23-064), could allow attackers to compromise system integrity.

Action Required: Refer to Fortinet’s security bulletins for detailed patches and updates. The advisory provides CVE references for tracking each specific vulnerability.
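A version triage check for the FortiOS ranges listed under Affected Systems, as an added example that is not part of the CERT-FR or Fortinet advisory. The hostnames and version strings in the inventory are constructed; only the three FortiOS ranges on this page are covered, and other Fortinet products are not.

```python
import re

# First fixed release per FortiOS branch, from the "Affected Systems" list above.
FIXED = {(7, 4): (7, 4, 1), (7, 2): (7, 2, 6), (7, 0): (7, 0, 13)}
OLDEST_BRANCH = min(FIXED)  # (7, 0)

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) as integers from a reported version string."""
    match = VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one reported version."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED:
        # Integer tuples compare numerically: 7.0.9 < 7.0.13, which a plain
        # string comparison would get wrong.
        return "affected" if version < FIXED[branch] else "fixed"
    if branch < OLDEST_BRANCH:
        # The page lists every release earlier than 7.0.13 as affected.
        return "affected"
    return "unlisted"  # branch not named on this page; check the advisory


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
INVENTORY = {
    "fw-edge-01": "v7.4.0",
    "fw-edge-02": "FortiOS 7.2.6",
    "fw-branch-01": "7.0.9",
    "fw-branch-02": "6.4.14",
    "fw-lab-01": "7.6.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:14} {INVENTORY[host]:16} {status}")
```

Hosts reported as "unlisted" run a branch this page does not mention, so their status has to be checked against the full advisory rather than assumed safe.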