Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution.

 

  • FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.
  • FortiClient Endpoint Management Server (EMS) is a centralized platform for managing and deploying FortiClient software on endpoints, providing visibility, policy enforcement, and compliance management for organizations using FortiClient for endpoint security. 
  • FortiIsolator is a browser isolation solution from Fortinet designed to protect users from zero-day malware and phishing threats delivered over the web and email by creating a visual "air gap" between the user's browser and the web content.
  • FortiManager is a comprehensive network management solution designed to streamline the administration, configuration, and monitoring of Fortinet devices across complex network environments.
  • FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines.
  • FortiProxy is a secure web proxy solution that enhances network security by filtering web traffic and providing advanced threat protection.
  • FortiSwitch Manager enables network administrators to cut through the complexities of non-FortiGate-managed FortiSwitch deployments.
  • FortiVoice is a robust communication solution that integrates voice, conferencing, and messaging services to enhance business collaboration and productivity.
  • FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.

 

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read more... Cyber Security Advisories - MS-ISAC