Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CERT Bulgaria encourages users and administrators to review the following advisories and apply the necessary updates:
- FR-IR-23-390: FortiClientEMS – CSV injection in log download feature
- FR-IR-23-328: FortiOS, FortiProxy – Out-of-bounds Write in captive portal
- FR-IR-24-013: FortiOS, FortiProxy – Authorization bypass in SSLVPN bookmarks
- FR-IR-23-103: FortiWLM MEA for FortiManager – Improper access control in backup and restore features
- FR-IR-24-007: Pervasive SQL injection in DAS component