Systems Engineering is aware of vulnerabilities in Fortinet FortiOS, FortiManager, and FortiAnalyzer affecting multiple versions of these products.
Fortinet rates these vulnerabilities as HIGH.
FortiManager/Analyzer | CVE-2024-23666
A client-side enforcement of server-side security vulnerability in FortiAnalyzer may allow an authenticated attacker with at least read-only permission to execute sensitive operations via crafted requests.
SCOPE
Per Fortinet’s Security Advisory notice, the specific versions of FortiManager and FortiAnalyzer that are affected are as follows:
FortiOS | CVE-2024-50176
A session fixation vulnerability in FortiOS may allow an unauthenticated attacker to hijack a user session via a phishing SAML authentication link.
SCOPE
Per Fortinet’s Security Advisory notice, the specific versions of FortiOS that are affected are as follows:
COURSE OF ACTION
Fortinet has released a patch to remediate affected systems.
For clients who have Systems Engineering manage their FortiGates, FortiManager, and FortiAnalyzer, we will proactively patch your systems and contact you about remediating these vulnerabilities. FortiManagers and FortiGates can be upgraded without downtime impacting your network performance.
For clients who manage their own FortiManager and FortiManager Cloud, we strongly recommend that you have your affected systems patched for these vulnerabilities. If you would like our assistance with patching, please reach out to Systems Engineering Customer Service at 207.772.4199 to have a ticket opened to get your system updated.
If you are a Systems Engineering client and have questions about this Security Alert, please contact your Account Manager.