Multiple vulnerabilities in Fortinet's FortiAnalyzer and FortiManager products, including their cloud variants, could allow a remote attacker to execute code, disclose sensitive information, or bypass security restrictions. Affected versions include FortiAnalyzer/FortiManager 6.4 all versions, 7.0 all versions, 7.2 all versions, 7.4 all versions, and 7.6.0 through 7.6.4, with specific ranges also listed for their cloud counterparts. Fortinet has released fixes; administrators must apply the patches referenced in the provided PSIRT advisories (FG-IR-26-078, FG-IR-26-079, FG-IR-26-098).
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure and security restriction bypass on the targeted system. Impact Security Restriction Bypass Information Disclosure Remote Code Execution System / Technologies affected FortiAnalyzer FortiAnalyzer 6.4 all versions FortiAnalyzer 7.0 all versions FortiAnalyzer 7.2 all versions FortiAnalyzer 7.4 all versions FortiAnalyzer 7.6.0 through 7.6.4 FortiAnalyzer Cloud FortiAnalyzer Cloud 6.4 all versions FortiAnalyzer Cloud 7.0.1 through 7.0.14 FortiAnalyzer Cloud 7.2.1 through 7.2.10 FortiAnalyzer Cloud 7.4.1 through 7.4.7 FortiAnalyzer Cloud 7.6.2 FortiManager FortiManager 6.4 all versions FortiManager 7.0 all versions FortiManager 7.2 all versions FortiManager 7.4 all versions FortiManager 7.6.0 through 7.6.4 FortiManager Cloud FortiManager Cloud 6.4 all versions FortiManager Cloud 7.0.1 through 7.0.14 FortiManager Cloud 7.2.1 through 7.2.10 FortiManager Cloud 7.4.1 through 7.4.7 FortiManager Cloud 7.6.2 through 7.6.3 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://fortiguard.fortinet.com/psirt/FG-IR-26-078 https://fortiguard.fortinet.com/psirt/FG-IR-26-079 https://fortiguard.fortinet.com/psirt/FG-IR-26-098