Skip to content

Fortinet Releases Security Updates for Multiple Products - 20240313002

Overview

Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A threat actor could exploit some of these vulnerabilities to take control of an affected system.

What is vulnerable?

FortiClientEMS - CSV injection in log download feature - CVSSv3 Score 8.7

Product CVSSv3 Score Severity
FR-IR-23-390: FortiClientEMS - CSV injection in log download feature 8.7 High
FR-IR-23-328: FortiOS, FortiProxy - Out-of-bounds Write in captive portal 9.3 Critical
FR-IR-24-013: FortiOS, FortiProxy - Authorization bypass in SSLVPN bookmarks 7.3 High
FR-IR-23-103: FortiWLM MEA for FortiManager - Improper access control in backup and restore features 7.7 High
FR-IR-24-007: Pervasive SQL injection in DAS component 9.3 Critical

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hrs... (refer Patch Management).