Fortinet Updates
Warning Date: 7 October, 2021
Severity Level: Medium
Warning Number: 2021-3639
Target Sector: All
Description:
Fortinet has released security updates to address multiple vulnerabilities in its products. The most important of these affect the following products and versions:
- FortiAuthenticator 6.3.0 and below.
- FortiAuthenticator 6.2.1 and below.
- FortiAuthenticator 6.2.0 and below.
- FortiManager 6.4.3 and below.
- FortiManager 6.2.6 and below.
- FortiManager v6.4.3 and below.
- FortiManager v6.2.7 and below.
- FortiSandbox versions 3.2.1 and below.
- FortiOS 6.2.0 to 6.2.2, 6.0.9 and below.
- FortiGate version 7.0.0 or below.
- FortiGate version 6.4.6 or below.
- FortiGate version 6.2.9 or below.
- FortiClient for Linux versions 6.2.8 and below.
- FortiClient for Linux versions 6.4.2 and below.
- FortiOS 7.0.0
- FortiOS 6.4.6 and below
- FortiOS 6.2.x
- FortiOS 6.0.x
- FortiOS 5.6.x
- FortiWeb version 6.3.14 or below.
- FortiWeb version 6.2.4 or below.
- FortiSandbox 3.2.1 and below.
- FortiSandbox 3.1.4 and below.
- FortiOS version 6.4.1 and below.
- FortiWeb version 6.3.13 or below.
- FortiWeb version 6.2.4 or below.
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Buffer overflow
- Command injection
- Disclosure of sensitive information
Best practice and Recommendations:
The CERT team encourages users to review the Fortinet security advisories and apply the necessary updates:
- https://www.fortiguard.com/psirt/FG-IR-21-112
- https://www.fortiguard.com/psirt/FG-IR-20-098
- https://www.fortiguard.com/psirt/FG-IR-20-074
- https://www.fortiguard.com/psirt/FG-IR-20-072
- https://www.fortiguard.com/psirt/FG-IR-20-183
- https://www.fortiguard.com/psirt/FG-IR-20-234
- https://www.fortiguard.com/psirt/FG-IR-20-027