No. | Title | CVE ID | Severity | Model
1 | Missing authentication in fgfmsd | CVE-2024-47575 | Critical | FortiManager
2 | Buffer overflow in the CLI's TFTP client library | CVE-2021-42757 | Medium | See below
3 | Buffer underwrite in firmware verification | CVE-2021-24018 | Medium | See below


1. Missing authentication in fgfmsd (https://fortiguard.fortinet.com/psirt/FG-IR-24-423)

A missing authentication for critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon may allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Reports indicate that this vulnerability is being exploited in the wild.

Version | Affected | Solution
FortiManager 7.6 | 7.6.0 | Upgrade to 7.6.1 or above
FortiManager 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above
FortiManager 6.2 | 6.2.0 through 6.2.12 | Upgrade to 6.2.13 or above
FortiManager Cloud 7.6 | Not affected | Not Applicable
FortiManager Cloud 7.4 | 7.4.1 through 7.4.4 | Upgrade to 7.4.5 or above
FortiManager Cloud 7.2 | 7.2.1 through 7.2.7 | Upgrade to 7.2.8 or above
FortiManager Cloud 7.0 | 7.0.1 through 7.0.12 | Upgrade to 7.0.13 or above
FortiManager Cloud 6.4 | 6.4 all versions | Migrate to a fixed release
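As an added example (not part of the advisory and not Fortinet's own tooling), the following Python checker transcribes the CVE-2024-47575 table above and reports whether a given FortiManager version falls inside an affected range; the same "X through Y" / "M.N all versions" / "Not affected" cell format is used by the other two tables on this page, so the parser applies to them as well. Versions are compared numerically, which matters for rows such as 7.0.0 through 7.0.12, where a string comparison would misjudge 7.0.9.

```python
import re

# Affected-version table for CVE-2024-47575 (FG-IR-24-423), transcribed
# from the advisory above as (product branch, affected cell, solution).
ADVISORY = [
    ("FortiManager 7.6", "7.6.0", "Upgrade to 7.6.1 or above"),
    ("FortiManager 7.4", "7.4.0 through 7.4.4", "Upgrade to 7.4.5 or above"),
    ("FortiManager 7.2", "7.2.0 through 7.2.7", "Upgrade to 7.2.8 or above"),
    ("FortiManager 7.0", "7.0.0 through 7.0.12", "Upgrade to 7.0.13 or above"),
    ("FortiManager 6.4", "6.4.0 through 6.4.14", "Upgrade to 6.4.15 or above"),
    ("FortiManager 6.2", "6.2.0 through 6.2.12", "Upgrade to 6.2.13 or above"),
    ("FortiManager Cloud 7.6", "Not affected", "Not Applicable"),
    ("FortiManager Cloud 7.4", "7.4.1 through 7.4.4", "Upgrade to 7.4.5 or above"),
    ("FortiManager Cloud 7.2", "7.2.1 through 7.2.7", "Upgrade to 7.2.8 or above"),
    ("FortiManager Cloud 7.0", "7.0.1 through 7.0.12", "Upgrade to 7.0.13 or above"),
    ("FortiManager Cloud 6.4", "6.4 all versions", "Migrate to a fixed release"),
]

def parse_version(text):
    """'7.4.4' -> (7, 4, 4), zero-padded to 3 parts for numeric comparison."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def affected_range(cell):
    """'Affected' cell -> inclusive (low, high) tuple bounds, or None."""
    if cell == "Not affected":
        return None
    m = re.fullmatch(r"(\d+)\.(\d+) all versions", cell)
    if m:  # whole branch, e.g. '6.4 all versions'
        return (int(m[1]), int(m[2]), 0), (int(m[1]), int(m[2]), 10**9)
    m = re.fullmatch(r"([\d.]+)(?: through ([\d.]+))?", cell)
    if not m:
        raise ValueError(f"unrecognised affected cell: {cell!r}")
    low = parse_version(m[1])
    return low, (parse_version(m[2]) if m[2] else low)

def check(product, version, table=ADVISORY):
    """(affected?, advice) for e.g. check('FortiManager', '7.4.3').
    On-prem and Cloud rows differ (Cloud 7.4.0 is not listed as affected),
    so `product` must match the table's branch label exactly."""
    v = parse_version(version)
    branch = f"{product} {v[0]}.{v[1]}"
    for row_product, cell, solution in table:
        if row_product == branch:
            bounds = affected_range(cell)
            if bounds and bounds[0] <= v <= bounds[1]:
                return True, solution
            return False, "Not affected"
    return False, "Branch not listed in this advisory"
```

A branch that is not listed (for example 5.6) is reported as unlisted rather than safe, since the advisory says nothing about it.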


2. Buffer overflow in the CLI's TFTP client library (https://fortiguard.fortinet.com/psirt/FG-IR-21-173)

A buffer overflow [CWE-121] in the TFTP client library of FortiOS may allow an authenticated local attacker to execute arbitrary code via specially crafted command line arguments.

Version | Affected | Solution
FortiADC 7.0 | Not affected | Not Applicable
FortiADC 6.2 | 6.2.0 through 6.2.2 | Upgrade to 6.2.3 or above
FortiADC 6.1 | 6.1.0 through 6.1.5 | Upgrade to 6.1.6 or above
FortiADC 6.0 | 6.0 all versions | Migrate to a fixed release
FortiADC 5.4 | 5.4 all versions | Migrate to a fixed release
FortiADC 5.3 | 5.3 all versions | Migrate to a fixed release
FortiADC 5.2 | 5.2 all versions | Migrate to a fixed release
FortiADC 5.1 | 5.1 all versions | Migrate to a fixed release
FortiADC 5.0 | 5.0 all versions | Migrate to a fixed release
FortiAnalyzer 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above
FortiAnalyzer 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above
FortiAnalyzer 6.2 | 6.2 all versions | Migrate to a fixed release
FortiAnalyzer 6.0 | 6.0 all versions | Migrate to a fixed release
FortiDDoS 5.6 | Not affected | Not Applicable
FortiDDoS 5.5 | 5.5.0 through 5.5.1 | Upgrade to 5.5.2 or above
FortiDDoS 5.4 | 5.4 all versions | Migrate to a fixed release
FortiDDoS 5.3 | 5.3 all versions | Migrate to a fixed release
FortiDDoS 5.2 | 5.2 all versions | Migrate to a fixed release
FortiDDoS 5.1 | 5.1 all versions | Migrate to a fixed release
FortiDDoS 5.0 | 5.0 all versions | Migrate to a fixed release
FortiDDoS 4.7 | 4.7 all versions | Migrate to a fixed release
FortiDDoS 4.6 | 4.6 all versions | Migrate to a fixed release
FortiDDoS 4.5 | 4.5 all versions | Migrate to a fixed release
FortiDDoS 4.4 | 4.4 all versions | Migrate to a fixed release
FortiDDoS-F 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above
FortiDDoS-F 6.3 | 6.3.0 | Upgrade to 6.3.1 or above
FortiDDoS-F 6.2 | 6.2.0 through 6.2.2 | Upgrade to 6.2.3 or above
FortiDDoS-F 6.1 | 6.1.0 through 6.1.4 | Upgrade to 6.1.5 or above
FortiMail 7.2 | Not affected | Not Applicable
FortiMail 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above
FortiMail 6.4 | 6.4.0 through 6.4.6 | Upgrade to 6.4.7 or above
FortiMail 6.2 | 6.2.0 through 6.2.7 | Migrate to a fixed release
FortiMail 6.0 | 6.0 all versions | Migrate to a fixed release
FortiMail 5.4 | 5.4 all versions | Migrate to a fixed release
FortiManager 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above
FortiManager 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above
FortiManager 6.2 | 6.2 all versions | Migrate to a fixed release
FortiManager 6.0 | 6.0 all versions | Migrate to a fixed release
FortiNDR 7.0 | Not affected | Not Applicable
FortiNDR 1.5 | 1.5.0 through 1.5.2 | Migrate to a fixed release
FortiNDR 1.4 | 1.4 all versions | Migrate to a fixed release
FortiNDR 1.3 | 1.3 all versions | Migrate to a fixed release
FortiNDR 1.2 | 1.2 all versions | Migrate to a fixed release
FortiNDR 1.1 | 1.1 all versions | Migrate to a fixed release
FortiOS 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above
FortiOS 6.4 | 6.4.0 through 6.4.7 | Upgrade to 6.4.8 or above
FortiOS 6.2 | 6.2.0 through 6.2.9 | Upgrade to 6.2.10 or above
FortiOS 6.0 | 6.0.0 through 6.0.13 | Upgrade to 6.0.14 or above
FortiOS 5.6 | 5.6 all versions | Migrate to a fixed release
FortiOS 5.4 | 5.4 all versions | Migrate to a fixed release
FortiOS 5.2 | 5.2 all versions | Migrate to a fixed release
FortiOS 5.0 | 5.0 all versions | Migrate to a fixed release
FortiOS-6K7K 6.4 | 6.4.6 | Upgrade to 6.4.8 or above
FortiOS-6K7K 6.4 | 6.4.2 | Upgrade to 6.4.8 or above
FortiOS-6K7K 6.2 | 6.2.6 through 6.2.7 | Upgrade to 6.2.9 or above
FortiOS-6K7K 6.2 | 6.2.4 | Upgrade to 6.2.9 or above
FortiOS-6K7K 6.0 | 6.0.12 through 6.0.17 | Migrate to a fixed release
FortiOS-6K7K 6.0 | 6.0.10 | Migrate to a fixed release
FortiPortal 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above
FortiPortal 5.3 | 5.3 all versions | Migrate to a fixed release
FortiPortal 5.2 | 5.2 all versions | Migrate to a fixed release
FortiPortal 5.1 | 5.1 all versions | Migrate to a fixed release
FortiPortal 5.0 | 5.0 all versions | Migrate to a fixed release
FortiProxy 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.2 or above
FortiProxy 2.0 | 2.0.0 through 2.0.7 | Upgrade to 2.0.8 or above
FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release
FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release
FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release
FortiRecorder 7.0 | Not affected | Not Applicable
FortiRecorder 6.4 | 6.4.0 through 6.4.2 | Upgrade to 6.4.3 or above
FortiRecorder 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above
FortiRecorder 2.7 | 2.7.0 through 2.7.7 | Upgrade to 2.7.8 or above
FortiRecorder 2.6 | 2.6 all versions | Migrate to a fixed release
FortiSwitch 7.2 | Not affected | Not Applicable
FortiSwitch 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above
FortiSwitch 6.4 | 6.4.0 through 6.4.9 | Upgrade to 6.4.10 or above
FortiSwitch 6.2 | 6.2.0 through 6.2.7 | Migrate to a fixed release
FortiSwitch 6.0 | 6.0 all versions | Migrate to a fixed release
FortiVoice 6.4 | 6.4.0 through 6.4.4 | Upgrade to 6.4.5 or above
FortiVoice 6.0 | 6.0.0 through 6.0.10 | Upgrade to 6.0.11 or above
FortiWeb 7.0 | Not affected | Not Applicable
FortiWeb 6.4 | 6.4.0 through 6.4.1 | Upgrade to 6.4.2 or above
FortiWeb 6.3 | 6.3.0 through 6.3.16 | Upgrade to 6.3.17 or above
FortiWeb 6.2 | 6.2 all versions | Migrate to a fixed release
FortiWeb 6.1 | 6.1 all versions | Migrate to a fixed release
FortiWeb 6.0 | 6.0 all versions | Migrate to a fixed release
FortiWeb 5.9 | 5.9 all versions | Migrate to a fixed release
FortiWeb 5.8 | 5.8 all versions | Migrate to a fixed release
FortiWeb 5.7 | 5.7 all versions | Migrate to a fixed release
FortiWeb 5.6 | 5.6 all versions | Migrate to a fixed release
FortiWeb 5.5 | 5.5 all versions | Migrate to a fixed release
FortiWeb 5.4 | 5.4 all versions | Migrate to a fixed release
FortiWeb 5.3 | 5.3 all versions | Migrate to a fixed release
FortiWeb 5.2 | 5.2 all versions | Migrate to a fixed release
FortiWeb 5.1 | 5.1 all versions | Migrate to a fixed release
FortiWeb 5.0 | 5.0 all versions | Migrate to a fixed release


3. Buffer underwrite in firmware verification (https://fortiguard.fortinet.com/psirt/FG-IR-21-046)

A buffer underwrite (CWE-124) vulnerability in the firmware verification routine of FortiWeb, FortiOS, FortiSwitch, FortiADC, FortiAI, FortiManager, FortiAnalyzer and FortiProxy may allow an attacker on an adjacent network to execute arbitrary code via a specially crafted firmware image.

Affected Products
FortiOS version 7.0.0
FortiOS version 6.4.0 through 6.4.6
FortiOS version 6.2.0 through 6.2.9
FortiOS version 6.0.0 through 6.0.13
FortiOS 5.6 all versions
FortiOS 5.4 all versions
FortiOS 5.2 all versions
FortiOS 5.0 all versions
FortiNDR 1.5 all versions
FortiNDR 1.4 all versions
FortiNDR 1.3 all versions
FortiNDR 1.2 all versions
FortiNDR 1.1 all versions
FortiProxy version 7.0.0
FortiProxy 2.0 all versions
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
FortiVoice version 6.4.0 through 6.4.6
FortiVoice version 6.0.0 through 6.0.11
FortiAnalyzer version 7.0.0 through 7.0.2
FortiAnalyzer version 6.4.0 through 6.4.7
FortiAnalyzer 6.2 all versions
FortiAnalyzer 6.0 all versions
FortiDDoS-F version 6.3.0
FortiDDoS-F version 6.2.0 through 6.2.2
FortiDDoS-F version 6.1.0 through 6.1.4
FortiADC version 6.2.0 through 6.2.2
FortiADC version 6.1.0 through 6.1.5
FortiADC 6.0 all versions
FortiADC 5.4 all versions
FortiADC 5.3 all versions
FortiADC 5.2 all versions
FortiADC 5.1 all versions
FortiADC 5.0 all versions
FortiDDoS version 5.5.0 through 5.5.1
FortiDDoS 5.4 all versions
FortiDDoS 5.3 all versions
FortiDDoS 5.2 all versions
FortiDDoS 5.1 all versions
FortiDDoS 5.0 all versions
FortiDDoS 4.7 all versions
FortiDDoS 4.6 all versions
FortiDDoS 4.5 all versions
FortiDDoS 4.4 all versions
FortiManager version 7.0.0 through 7.0.2
FortiManager version 6.4.0 through 6.4.7
FortiManager 6.2 all versions
FortiManager 6.0 all versions
FortiWeb version 6.4.0 through 6.4.1
FortiWeb version 6.3.0 through 6.3.15
FortiWeb 6.2 all versions
FortiWeb 6.1 all versions
FortiWeb 6.0 all versions
FortiWeb 5.9 all versions
FortiWeb 5.8 all versions
FortiWeb 5.7 all versions
FortiWeb 5.6 all versions
FortiWeb 5.5 all versions
FortiWeb 5.4 all versions
FortiWeb 5.3 all versions
FortiRecorder version 6.4.0 through 6.4.2
FortiRecorder version 6.0.0 through 6.0.10
FortiRecorder 2.7 all versions
FortiRecorder 2.6 all versions
FortiSwitch version 7.0.0 through 7.0.2
FortiSwitch version 6.4.0 through 6.4.8
FortiSwitch 6.2 all versions
FortiSwitch 6.0 all versions