2
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Impact
- Security Restriction Bypass
- Information Disclosure
- Remote Code Execution
System / Technologies affected
FortiAnalyzer
- FortiAnalyzer 6.4 all versions
- FortiAnalyzer 7.0 all versions
- FortiAnalyzer 7.2 all versions
- FortiAnalyzer 7.4 all versions
- FortiAnalyzer 7.6.0 through 7.6.4
FortiAnalyzer Cloud
- FortiAnalyzer Cloud 6.4 all versions
- FortiAnalyzer Cloud 7.0.1 through 7.0.14
- FortiAnalyzer Cloud 7.2.1 through 7.2.10
- FortiAnalyzer Cloud 7.4.1 through 7.4.7
- FortiAnalyzer Cloud 7.6.2
FortiManager
- FortiManager 6.4 all versions
- FortiManager 7.0 all versions
- FortiManager 7.2 all versions
- FortiManager 7.4 all versions
- FortiManager 7.6.0 through 7.6.4
FortiManager Cloud
- FortiManager Cloud 6.4 all versions
- FortiManager Cloud 7.0.1 through 7.0.14
- FortiManager Cloud 7.2.1 through 7.2.10
- FortiManager Cloud 7.4.1 through 7.4.7
- FortiManager Cloud 7.6.2 through 7.6.3
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://fortiguard.fortinet.com/psirt/FG-IR-26-078
- https://fortiguard.fortinet.com/psirt/FG-IR-26-079
- https://fortiguard.fortinet.com/psirt/FG-IR-26-098