Fortinet Security Updates September 2023
Date of Notice: 09/15/2023
Action Level - High
Description
Fortinet has released updates to FortiOS, FortiProxy, and Fortiweb addressing numerous vulnerabilities to these products. If exploited, these vulnerabilities could allow an attacker to bypass protections and execute arbitrary code. The vulnerabilities were discovered by Fortinet employees and there are currently no indications that they have been exploited, but Fortinet recommends identification and prompt update of impacted systems.
Fixed Versions
- FortiProxy version 7.2.5 or above
- FortiProxy version 7.0.11 or above
- FortiOS version 7.4.0 or above
- FortiOS version 7.2.5 or above
- FortiOS version 7.0.12 or above
- FortiOS version 6.4.13 or above
- FortiOS version 6.2.15 or above
- FortiWeb version 7.2.2 or above
- FortiWeb version 7.0.7 or above
Attack Vector
An attacker with network access to the device running impacted Fortinet software.
Attack Feasibility
There are currently no known exploits for this vulnerability.
Mitigation
There are no known mitigations for this vulnerability.
Remediation
Update to a current supported version of FortiOS, Fortiproxy, or FortiWeb.
Vendor Resources
https://www.fortiguard.com/psirt/FG-IR-23-106