Systems Engineering is aware of the recently disclosed FortiBleed security situation, which has impacted a significant number of organizations utilizing Fortinet FortiGate devices globally. The security of our clients is our top priority, and our team has assessed the FortiBleed situation.

Systems Engineering is closely monitoring a critical security situation involving Fortinet FortiOS. Recent analysis has identified a sophisticated exploitation technique targeting the Single Sign-On (SSO) mechanism, allowing unauthorized administrative access to affected devices. Additionally, we are continuing our response to a separate high-severity vulnerability released earlier this month.

Citrix has released a security bulletin (CTX693420) disclosing two high-severity vulnerabilities affecting NetScaler ADC and NetScaler Gateway appliances. Depending on the deployment configuration, these vulnerabilities could allow attackers to bypass management access controls or perform memory over-reads. 

Fortinet has announced a critical vulnerability surrounding FortiSwitch Firmware. The vulnerability is related to the switch's password change function. An unauthenticated attacker with access to the GUI could modify passwords via specially crafted requests.  

On January 14, 2025, Fortinet announced several vulnerabilities impacting multiple products. At Systems Engineering, we are highlighting these vulnerabilities as they affect the Fortinet solutions we support. Specifically, these issues impact FortiGate, FortiSwitch, FortiManager, FortiAnalyzer, FortiClient EMS, and FortiClient for Windows.

Systems Engineering is aware of the Fortinet FortiOS, FortiManager, and FortiAnalyzer affecting multiple versions of these products.

Fortinet rates these vulnerabilities as HIGH.

Systems Engineering is aware of the Fortinet FortiManager missing authentication for critical function vulnerability in the fgfmd process, CVE-2024-47575. Reports have shown this vulnerability to be exploited in the wild.