[CIVN-2025-0271] Multiple Vulnerabilities in Fortinet Products
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Fortinet Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
FortiOS 7.6 versions 7.6.0 through 7.6.3
FortiOS 7.4 all versions
FortiOS 7.2 all versions
FortiOS 7.0 versions 7.0.0 through 7.0.11
FortiOS 7.0 all versions
FortiOS 6.4 all versions
FortiOS 6.2 all versions
FortiPAM 1.5 version 1.5.0
FortiPAM version 1.5.0
FortiPAM 1.4 versions 1.4.0 through 1.4.2
FortiPAM 1.3 all versions
FortiPAM 1.2 all versions
FortiPAM 1.1 all versions
FortiPAM 1.0 all versions
FortiProxy 7.6 versions 7.6.0 through 7.6.3
FortiProxy 7.4 all versions
FortiProxy 7.2 all versions
FortiProxy 7.0 all versions
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
FortiClientWindows versions 7.4.0 through 7.4.3
FortiClientWindows versions 7.2.0 through 7.2.11
FortiClientWindows 7.0 all versions
FortiClientMac versions 7.4.0 through 7.4.3
FortiClientMac versions 7.2.0 through 7.2.11
FortiClientMac 7.0 all versions
FortiSRA 1.5 version 1.5.0
FortiSRA 1.4 versions 1.4.0 through 1.4.2
FortiSwitchManager 7.2 versions 7.2.1 through 7.2.5
FortiSwitchManager 7.0 versions 7.0.0 through 7.0.3
FortiSASE 25.2 version 25.3.a
FortiAnalyzer versions 7.6.0 through 7.6.2
FortiAnalyzer versions 7.4.0 through 7.4.5
FortiAnalyzer versions 7.2.0 through 7.2.9
FortiAnalyzer versions 7.0.0 through 7.0.13
FortiAnalyzer 6.4 all versions
FortiAnalyzer 6.2 all versions
FortiAnalyzer 6.0 all versions
FortiAnalyzer Cloud versions 7.4.1 through 7.4.5
FortiAnalyzer Cloud versions 7.2.1 through 7.2.9
FortiAnalyzer Cloud versions 7.0.1 through 7.0.13
FortiAnalyzer Cloud 6.4 all versions
FortiManager versions 7.6.0 through 7.6.1
FortiManager versions 7.4.0 through 7.4.5
FortiManager versions 7.2.0 through 7.2.9
FortiManager versions 7.0.0 through 7.0.13
FortiManager 6.4 all versions
FortiManager 6.2 all versions
FortiManager 6.0 all versions
FortiManager Cloud version 7.6.2
FortiManager Cloud versions 7.4.1 through 7.4.5
FortiManager Cloud versions 7.2.1 through 7.2.9
FortiManager Cloud versions 7.0.1 through 7.0.13
FortiManager Cloud 6.4 all versions
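An added affected-version check, written for this advisory and not code from CERT-In or Fortinet: it parses lines in the format of the Software Affected list above and reports whether a given product version falls inside any listed range. Only a subset of the entries is embedded inline; versions are compared purely numerically, so a non-numeric suffix such as the "25.3.a" entry is truncated to its numeric prefix, and because the list combines several vendor advisories, overlapping entries (such as the two FortiOS 7.0 lines) are all honoured and a version is flagged if any one entry matches.

```python
import re
from itertools import takewhile
from typing import Optional, Tuple

# Entries copied from the "Software Affected" list above (a subset only;
# paste in the remaining lines of the list to check other products).
AFFECTED_LINES = """
FortiOS 7.6 versions 7.6.0 through 7.6.3
FortiOS 7.4 all versions
FortiOS 7.0 versions 7.0.0 through 7.0.11
FortiPAM version 1.5.0
FortiAnalyzer Cloud 6.4 all versions
FortiManager Cloud version 7.6.2
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<product>Forti\w+(?: Cloud)?)"       # FortiOS, FortiAnalyzer Cloud, ...
    r"(?: (?P<branch>\d+(?:\.\d+)*))?"          # optional branch such as "7.4"
    r" (?:(?P<all>all versions)"                # every release on that branch
    r"|versions? (?P<lo>[\w.]+)(?: through (?P<hi>[\w.]+))?)$"
)

def parse_version(text: str) -> Tuple[int, ...]:
    """Dotted version -> tuple of ints; parsing stops at a non-numeric part."""
    return tuple(int(p) for p in takewhile(str.isdigit, text.split(".")))

def parse_line(line: str) -> Optional[tuple]:
    """Return (product, branch, lo, hi); lo and hi are None for 'all versions'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unrecognised line format: ignore rather than guess
    branch = parse_version(m["branch"]) if m["branch"] else ()
    if m["all"]:
        return m["product"], branch, None, None
    lo = parse_version(m["lo"])
    hi = parse_version(m["hi"]) if m["hi"] else lo  # single version: lo == hi
    return m["product"], branch, lo, hi

def is_affected(product: str, version: str, lines=AFFECTED_LINES) -> bool:
    """True if any advisory entry for this product covers the given version."""
    v = parse_version(version)
    for prod, branch, lo, hi in filter(None, map(parse_line, lines)):
        if prod != product or v[:len(branch)] != branch:
            continue  # different product, or not on this entry's branch
        if lo is None or lo <= v <= hi:  # whole branch, or inclusive range
            return True
    return False
```

A "not affected" result only means no embedded entry matched; confirm against the vendor advisories linked below before treating a device as out of scope.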
Overview
Multiple vulnerabilities have been reported in Fortinet products which could allow an attacker to execute arbitrary code or commands, cause denial of service, disclose sensitive information, escalate privileges, or bypass access controls on the targeted system.
Target Audience:
All organizations and individuals using Fortinet products.
Risk Assessment:
High risk of system compromise, unauthorized command execution, privilege escalation, denial of service, and sensitive information disclosure.
Impact Assessment:
Execution of unauthorized code or commands, denial of service, disclosure of sensitive information, escalation of privilege, and improper access control.
Description
Fortinet is a global cybersecurity company that provides network security solutions, including firewalls, VPNs, and intrusion prevention systems.
Multiple vulnerabilities have been reported in Fortinet products, attributed to a stack-based buffer overflow in the FortiToken import feature; insertion of sensitive information into sent data in the csfd daemon and into log files in FortiOS; restricted CLI command bypass; domain fronting protection bypass in the explicit web proxy; improper certificate validation and insufficient session expiration in SSL VPN (including SAML authentication); open redirect and XSS in the Web Filter warning page; code injection in the login window; missing signature verification in FortiClient.app; unchecked return value vulnerabilities in the FortiOS API; local privilege escalation in LaunchDaemon; improper authorization over static files; weak authentication in WAD/GUI; an uncontrolled search path element in the online installer; and heap-based buffer overflow issues in SSL VPN bookmarks, the fgfmsd daemon, and WebSocket.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or commands, cause denial of service, disclose sensitive information, gain escalated privileges, and bypass access controls on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://fortiguard.fortinet.com/psirt/FG-IR-23-354
https://fortiguard.fortinet.com/psirt/FG-IR-24-041
https://fortiguard.fortinet.com/psirt/FG-IR-24-228
https://fortiguard.fortinet.com/psirt/FG-IR-24-361
https://fortiguard.fortinet.com/psirt/FG-IR-24-372
https://fortiguard.fortinet.com/psirt/FG-IR-24-442
https://fortiguard.fortinet.com/psirt/FG-IR-24-452
https://fortiguard.fortinet.com/psirt/FG-IR-24-457
https://fortiguard.fortinet.com/psirt/FG-IR-24-487
https://fortiguard.fortinet.com/psirt/FG-IR-24-542
https://fortiguard.fortinet.com/psirt/FG-IR-24-546
https://www.fortiguard.com/psirt/FG-IR-25-010
https://fortiguard.fortinet.com/psirt/FG-IR-25-037
https://fortiguard.fortinet.com/psirt/FG-IR-25-126
https://fortiguard.fortinet.com/psirt/FG-IR-25-653
https://fortiguard.fortinet.com/psirt/FG-IR-25-664
https://fortiguard.fortinet.com/psirt/FG-IR-25-684
https://fortiguard.fortinet.com/psirt/FG-IR-25-685
https://fortiguard.fortinet.com/psirt/FG-IR-25-756
Vendor Information
Fortinet
https://fortiguard.fortinet.com/psirt
References
Fortinet
https://fortiguard.fortinet.com/psirt/FG-IR-23-354
https://fortiguard.fortinet.com/psirt/FG-IR-24-041
https://fortiguard.fortinet.com/psirt/FG-IR-24-228
https://fortiguard.fortinet.com/psirt/FG-IR-24-361
https://fortiguard.fortinet.com/psirt/FG-IR-24-372
https://fortiguard.fortinet.com/psirt/FG-IR-24-442
https://fortiguard.fortinet.com/psirt/FG-IR-24-452
https://fortiguard.fortinet.com/psirt/FG-IR-24-457
https://fortiguard.fortinet.com/psirt/FG-IR-24-487
https://fortiguard.fortinet.com/psirt/FG-IR-24-542
https://fortiguard.fortinet.com/psirt/FG-IR-24-546
https://www.fortiguard.com/psirt/FG-IR-25-010
https://fortiguard.fortinet.com/psirt/FG-IR-25-037
https://fortiguard.fortinet.com/psirt/FG-IR-25-126
https://fortiguard.fortinet.com/psirt/FG-IR-25-653
https://fortiguard.fortinet.com/psirt/FG-IR-25-664
https://fortiguard.fortinet.com/psirt/FG-IR-25-684
https://fortiguard.fortinet.com/psirt/FG-IR-25-685
https://fortiguard.fortinet.com/psirt/FG-IR-25-756
CVE Name
CVE-2023-46718
CVE-2024-26008
CVE-2024-47569
CVE-2025-58325
CVE-2025-25255
CVE-2024-50571
CVE-2025-31514
CVE-2025-25253
CVE-2025-25252
CVE-2025-31366
CVE-2025-47890
CVE-2025-22258
CVE-2025-31365
CVE-2025-46774
CVE-2025-58903
CVE-2025-57741
CVE-2025-54822
CVE-2025-57716
CVE-2025-57740
CVE-2025-49201
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----