Skip to content

Commit 8bd3007

Browse files
Dinindu-WickDinindu-Wick
authored
Fortinet Security Updates for FortiManager - 20241223001
1 parent afaf623 commit 8bd3007

File tree

1 file changed

+36
-0
lines changed

1 file changed

+36
-0
lines changed

docs/advisories/20241223001-Fortinet-Security-Updates-for-FortiManager.md

+36
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
# Fortinet Security Updates for FortiManager - 20241223001
2+
3+
## Overview
4+
5+
Fortinet has released security updates for FortiManager to address a vulnerability where a remote threat actor could exploit the vulnerability to take control of an affected system.
6+
7+
## What is vulnerable?
8+
9+
| Product(s) Affected | Version(s) | CVE| CVSS| Severity|
10+
| ------------------- | :---------- | ---------------------------- | ------------ | ----------------------------- |
11+
| FortiManager | ***7.6.0*** <br> ***7.4.0 through 7.4.4*** <br> ***Cloud 7.4.1 through 7.4.4*** <br> ***7.2.3 through 7.2.7*** <br> ***Cloud 7.2.1 through 7.2.7*** <br> ***7.0.5 through 7.0.12*** <br> ***Cloud 7.0.1 through 7.0.12*** <br> ***6.4.10 through 6.4.14*** | [CVE-2024-48889](https://nvd.nist.gov/vuln/detail/CVE-2024-48889)| 7.2 | High|
12+
13+
## What has been observed?
14+
15+
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
16+
17+
## Recommendation
18+
19+
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)):
20+
21+
- Fortinet: <https://www.fortiguard.com/psirt/FG-IR-24-425>
22+
23+
| **Product** | **Affected Versions** | **Solution** |
24+
|---|---|---|
25+
| FortiManager 7.6 | **_7.6.0_** | Upgrade to 7.6.1 or above |
26+
| FortiManager 7.4 | **_7.4.0 through 7.4.4_** | Upgrade to 7.4.5 or above |
27+
| FortiManager 7.4 | **_Cloud 7.4.1 through 7.4.4_** | Upgrade to 7.4.5 or above |
28+
| FortiManager 7.2 | **_7.2.3 through 7.2.7_** | Upgrade to 7.2.8 or above |
29+
| FortiManager 7.2 | **_Cloud 7.2.1 through 7.2.7_** | Upgrade to 7.2.8 or above |
30+
| FortiManager 7.0 | **_7.0.5 through 7.0.12_** | Upgrade to 7.0.13 or above |
31+
| FortiManager 7.0 | **_Cloud 7.0.1 through 7.0.12_** | Upgrade to 7.0.13 or above |
32+
| FortiManager 6.4 | **_6.4.10 through 6.4.14_** | Upgrade to 6.4.15 or above |
33+
34+
## Additional References
35+
36+
- CISA Cybersecurity Advisories: <https://www.cisa.gov/news-events/alerts/2024/12/20/fortinet-releases-security-updates-fortimanager>

0 commit comments

Comments
 (0)