Fortinet has released security updates to address multiple vulnerabilities in the following products:

• FortiADC
  • version 7.2.0
  • version 7.1.0 through 7.1.2
  • 7.0 all versions
  • 6.2 all versions
  • 6.1 all versions
  • 6.0 all versions
  • 5.4 all versions
  • 5.3 all versions
  • 5.2 all versions
• FortiADCManager
  • version 7.1.0
  • version 7.0.0
  • 6.2 all versions
  • 6.1 all versions
  • 6.0 all versions
  • 5.4 all versions
  • 5.3 all versions
  • 5.2 all versions
• FortiNAC
  • version 9.4.0 through 9.4.2
  • 9.2.0 through 9.2.7
  • 9.1 all versions
  • 8.8 all versions
  • 8.7 all versions
  • 8.6 all versions
  • 8.5 all versions
• FortiOS
  • 6K7K version 7.0.10
  • 6K7K version 7.0.5
  • 6K7K version 6.4.12
  • 6K7K version 6.4.10
  • 6K7K version 6.4.8
  • 6K7K version 6.4.6
  • 6K7K version 6.4.2
  • 6K7K version 6.2.9 through 6.2.13
  • 6K7K version 6.2.6 through 6.2.7
  • 6K7K version 6.2.4
  • 6K7K version 6.0.12 through 6.0.16
  • 6K7K version 6.0.10
  • version 7.2.0 through 7.2.4
  • version 7.0.0 through 7.0.11
  • version 6.4.0 through 6.4.12
  • version 6.0.0 through 6.0.16
• FortiProxy
  • version 7.2.0 through 7.2.3
  • version 7.0.0 through 7.0.9
  • version 2.0.0 through 2.0.12
  • 1.2 all versions
  • 1.1 all versions
• FortiSIEM
  • version 6.7.0
  • 6.6 all versions
  • 6.5 all versions
  • 6.4 all versions
  • 6.3 all versions
  • 6.2 all versions
  • 6.1 all versions
  • 5.4 all versions
  • 5.3 all versions
  • 5.2 all versions
  • 5.1 all versions

An attacker could exploit these vulnerabilities by doing the following:

• Command Injection
• Unauthorized Access
• Heap-based Buffer Overflow

The CERT team encourages users to review Fortinet advisory and update the affected products:

• https://www.fortiguard.com/psirt/FG-IR-23-076
• https://www.fortiguard.com/psirt/FG-IR-22-332
• https://www.fortiguard.com/psirt/FG-IR-23-097
• https://www.fortiguard.com/psirt/FG-IR-23-119
• https://www.fortiguard.com/psirt/FG-IR-22-258