Technical Service Center

    No. 발생일 취약점 이름 심각도 CVE 코드 영향받는 제품 1 2025-12-09 Reflected XSS in HA cluster Medium CVE-2025-54353 FortiSandbox 2 2025-12-09 Read-only admin could obtain admin configuration secrets Low CVE-2025-59923 FortiAuthenticator 3 2025-12-09 Private key readable by admin Medium CVE-2024-40593 FortiAnalyzer, FortiManager, FortiOS, FortiPortal 4 2025-12-09 Path traversal vulnerability in administrative interface High CVE-2025-60024 FortiVoice 5 2025-12-09 OS command injection in multiple endpoints High CVE-2025-53949 FortiSandbox 6 2025-12-09 OS command injection in GUI backup options Medium CVE-2025-53679 FortiSandbox 7 2025-12-09 Multiple authenticated SQL injection via extraParam Medium CVE-2025-64156 FortiVoice 8 2025-12-09 Multiple authenticated OS Command Injections via API Medium CVE-2025-64153 FortiExtender 9 2025-12-09 Multiple Fortinet Products' FortiCloud SSO Login Authentication Bypass Critical CVE-2025-59718, CVE-2025-59719 FortiOS, FortiWeb, FortiProxy, FortiSwitchManager 10 2025-12-09 Missing authorization on log access Low CVE-2025-57823 FortiAuthenticator 11 2025-12-09 Insufficient Session Expiration in SSLVPN Medium CVE-2025-62631 FortiOS SSLVPN 12 2025-12-09 Insertion of sensitive information into REST API logs Medium CVE-2024-47570 FortiOS FortiPAM FortiProxy FortiSASE  FortiSRA 13 2025-12-09 Incorrect authorization in multi-vdom environment Medium CVE-2025-54838 FortiPortal 14 2025-12-09 Current password requirement bypass for self password change Medium CVE-2025-59808 FortiSOAR PaaS, FortiSOAR on-premise 15 2025-12-09 Capacity to use password hashes instead of password for authentication Medium CVE-2025-64471 FortiWeb 16 2025-12-09 Capacity to forge authentication cookies High CVE-2025-64447 FortiWeb 17 2025-12-09 Broken access control on API endpoints Medium CVE-2025-59810 FortiSOAR PaaS 7.6 FortiSOAR PaaS 7.5 FortiSOAR PaaS 7.4 FortiSOA...

2024.12.17 update ● Product / Platform Lifecycle Hardware 지원 OS End Of Sale End Of Maintenance  (+24 Months) End Of Support  (+12 Months) After End Of Support  (기간은 모델별 다름) 2~3 series 21.x / 22.x / 23.x / 24.x / 25.3.8 2012-09-30 2014-09-30 2016-12-30 종료 4416 26.x / 27.x / 28.x / 29.x / 30.x 2015-07-31 2017-07-31 2018-07-31 2021-07-31 / 종료 4208 32.x / 33.x / 34.x 계획없음 4408 26.x / 27.x / 28.x / 29.x / 30.x 2019-01-31 2021-01-31 2022-01-31 2023-01-31 / 종료 4024 26.x / 27.x / 28.x / 29.x / 30.x / 31.x / 32.x 2021-03-10 2023-03-10 2024-03-10 2025-03-31 / 종료 5224 26.x / 27.x / 28.x / 29.x / 30.x / 31.x / 32.x 2021-03-10 2023-03-10 2024-03-10 2025-03-31 / 종료 5208 29.x / 30.x / 31.x / 32.x / 33.x / 34.x 계획없음 4028/5424/5820 32.x / 33.x / 34.x 계획없음 5412 26.x / 27.x / 28.x / 29.x / 30.x 2021-10-31 2023-10-31 2024-10-31 종료 6020/6420 29.5.x / 30.x / 31.x / 32.x 2023-05-22 2025-05-22 2026-05-22 미정 6024 30.5.x / 31.x / 32.x / 33.x / 34.x 계획없음 6300 34.x 계획없음 7612/7220 32.x / 33.x / 34.x  2024-11-28 2026-11-28 2027-11-28 미정 7100/7700 33.5.x / 34.x 계획없음 8420 30.x / 31.x / 32.x 2023-05-22 2025-05-22 2026-05-22 미정 9800 32.x / 33.x / 34.x  계획없음 # After End of Support - Radware 의 수리부품 재고 소진완료시 까지 하드웨어 RMA 추가 지원 기간 - AEOS 지원 유무는 해당 모델의 EOS 1달전 정도의 시점에 결정되며 1년 단위로 추가 지원 갱신 결정

Description Description CVE ID 2021-33909 CVSS Level High 7.8 Vulnerable Component Linux Kernel Product Status  Product Branch Vulnerable version ETA for FIX Fix introduced in version  Vision  4.80.x and later  None NA   Alteon 34.x All partially NA Vulnerable only on U18 based Alteon VA 33.x All partially NA Vulnerable only on U18 based Alteon VA

Description Description CVE ID 2023-38406 CVSS Level 9.8 Critical Vulnerable Component FRR BGP library   Product Status Product Branch Vulnerable version ETA for FIX Fix introduced in version Notes Alteon 34.x 34.0.0.0 - 34.0.2.0   34.0.3.0   33.x Below 33.0.11.0 Below 33.5.7.0   33.0.11.0 33.5.7.0    

Description Description CVE ID 2024-53150 CVSS Level 7.1 High Vulnerable Component Linux Kernal USB-Audio driver   Product Status Product Branch Vulnerable version ETA for FIX Fix introduced in version Notes Alteon 34.x All versions 31.06.25 34.0.9.0 34.5.4.0 Alteon is vulnerable only if a compromised USB audio device is connected 33.x All versions 31.06.25 33.0.17.0 33.5.13.0  

Description Description CVE ID 2024-53197 CVSS Level NA Vulnerable Component Linux Kernal USB-Audio driver   Product Status Product Branch Vulnerable version ETA for FIX Fix introduced in version Notes Alteon 34.x All versions 31.06.25 34.0.9.0 34.5.4.0 This Vulnerability applies only to platforms: 6300 (VL3), 8600 (MRQP) and only if a compromised USB audio device is connected. 33.x Not Vulnerable