Fortinet Releases Security Updates for Multiple Products

Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the following advisories and apply necessary updates:  

• FR-IR-23-390: FortiClientEMS - CSV injection in log download feature

• FR-IR-23-328: FortiOS, FortiProxy - Out-of-bounds Write in captive portal 

• FR-IR-24-013: FortiOS, FortiProxy - Authorization bypass in SSLVPN bookmarks

• FR-IR-23-103: FortiWLM MEA for FortiManager - Improper access control in backup and restore features

• FR-IR-24-007: Pervasive SQL injection in DAS component