FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |

The company also addressed the following medium-severity issues:

- CVE-2024-26010 – A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager could allow a remote attacker to execute arbitrary code or commands by sending crafted packets to the fgfmd daemon. However, the exploitability of this vulnerability depends on specific conditions that are not controllable by the attacker.
- CVE-2024-23111 – A cross-site scripting vulnerability [CWE-79] in the reboot page of FortiOS and FortiProxy could enable a remote attacker with super-admin access to execute JavaScript code through specially crafted HTTP GET requests.
- CVE-2023-46720 – Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiOS could permit an authenticated attacker to execute arbitrary code by using specially crafted CLI commands.
The company also fixed a low-severity issue tracked as CVE-2024-21754.

The company did not reveal whether any of the above issues were actively exploited in the wild.

Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet FortiOS)