Fortinet Alert
Warning Date: 3 April, 2022
Severity Level: High
Warning Number: 2022-4603
Target Sector: All
Fortinet has released security updates to address several vulnerabilities in the following products:
- FortiPortal
- FortiCASB
- FortiAnalyzer-BigData
- FortiEDR
- FortiSOAR
- FortiEdge
- FortiAIOps
- FortiLANCloud
- FortiPolicy
The following products are NOT impacted:
- FortiOS
- FortiManager
- FortiAnalyzer
- FortiIsolator
- FortiMail
- FortiNDR
- FortiClientWindows
- FortiClientLinux
- FortiClientMac
- FortiClientEMS
- FortiClientAndroid
- FortiADC
- FortiAuthenticator
- FortiAP
- FortiAP-C
- FortiAP-S
- FortiAP-U
- FortiAP-W2
- FortiDeceptor
- FortiDDoS
- FortiDDoS-F
- FortiExtender
- FortiRecorder
- FortiSandbox
- FortiSIEM
- FortiTester
- FortiSwitch
- FortiVoiceEnterprise
- FortiWeb
- FortiWLC
- FortiWLM
- FortiConnect
- FortiConverter
- FortiInsight
- FortiPentest
- FortiPlanner
- FortiPresence
- FortiAPCloud
- FortiNAC
- FortiOS version 6.0.0 through 6.0.14
- FortiOS version 6.2.0 through 6.2.10
- FortiOS version 6.4.0 through 6.4.8
- FortiOS version 7.0.0 through 7.0.5
- FortiManager version 6.2.0 through 6.2.9
- FortiManager version 6.4.0 through 6.4.7
- FortiManager version 7.0.0 through 7.0.3
- FortiAnalyzer version 6.2.0 through 6.2.9
- FortiAnalyzer version 6.4.0 through 6.4.7
- FortiAnalyzer version 7.0.0 through 7.0.3
- FortiDeceptor version 3.0.0 through 3.0.2
- FortiDeceptor version 3.1.0 through 3.1.1
- FortiDeceptor version 3.2.0 through 3.2.2
- FortiDeceptor version 3.3.0 through 3.3.2
- FortiDeceptor version 4.0.0 through 4.0.1
- FortiDeceptor version 4.1.0
- FortiAuthenticator version 6.0.0 through 6.0.7
- FortiAuthenticator version 6.1.0 through 6.1.2
- FortiAuthenticator version 6.2.0 through 6.2.1
- FortiAuthenticator version 6.3.0 through 6.3.3
- FortiAuthenticator version 6.4.0 through 6.4.1
- FortiMail version 6.0.0 through 6.0.12
- FortiMail version 6.2.0 through 6.2.8
- FortiMail version 6.4.0 through 6.4.6
- FortiMail version 7.0.0 through 7.0.3
- FortiRecorder version 6.0.0 through 6.0.10
- FortiRecorder version 6.4.0 through 6.4.2
- FortiProxy version 7.0.0 through 7.0.3
- FortiSwitch version 6.0.0 through 6.0.7
- FortiSwitch version 6.2.0 through 6.2.7
- FortiSwitch version 6.4.0 through 6.4.10
- FortiSwitch version 7.0.0 through 7.0.4
- FortiWeb version 6.3.0 through 6.3.18
- FortiWeb version 6.4.0 through 6.4.2
- FortiWeb version 7.0.0
The following products are under investigation:
- FortiVoiceEnterprise
- FortiADC
- FortiADCManager
- FortiAIOps
- FortiAP
- FortiAP-S
- FortiAP-U
- FortiClientWindows
- FortiClientLinux
- FortiClientMac
- FortiClientAndroid
- FortiClientEMS
- FortiSandbox
- FortiConnect
- FortiDDoS
- FortiDDoS-F
- FortiEdge
- FortiIsolator
- FortiNDR
- FortiPentest
- FortiSIEM
- FortiTester
- FortiWLM
- FortiPortal
- FortiWLC
- FortiWAN
An attacker could exploit these vulnerabilities to achieve the following:
- Information disclosure
- Arbitrary code execution
The CERT team encourages users to review the Fortinet security advisory and apply the necessary updates: