Advisory 58: Fortinet Releases Security Updates for Multiple Products
Release Date: 12 March 2024
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. The updates cover various Fortinet products, including FortiGate Firewall, FortiManager, FortiAnalyzer, FortiClient, and others.
This advisory focuses on the following Fortinet products:
- FortiClientEMS – CSV injection in log download feature
- FortiOS, FortiProxy – Out-of-bounds Write in captive portal
- FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks
- FortiWLM MEA for FortiManager – Improper access control in backup and restore features
- Pervasive SQL injection in DNS component
What are the Systems affected?
The following Fortinet Products are affected;
What does this mean?
A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Mitigation process
CERTVU strongly encourages administrators to review the following advisories and apply the necessary security updates for the affected Fortinet products and versions.
References
- https://www.cisa.gov/news-events/alerts/2024/03/12/fortinet-releases-security-updates-multiple-products
- https://www.fortiguard.com/psirt/FG-IR-23-390
- https://www.fortiguard.com/psirt/FG-IR-23-328
- https://www.fortiguard.com/psirt/FG-IR-24-013
- https://www.fortiguard.com/psirt/FG-IR-23-103
- https://www.fortiguard.com/psirt/FG-IR-24-007