Fortinet Addresses Security Issues in FortiSandbox, FortiOS, and Other Products

Published on

Fortinet’s Product Security Incident Response Team (PSIRT) announced the resolution of several critical and high-severity security vulnerabilities affecting various Fortinet products, including FortiSandbox and FortiOS.

These updates are part of Fortinet’s ongoing efforts to enhance the security and reliability of its solutions, ensuring a robust defense against potential threats.

A total of eight advisories were released, addressing vulnerabilities that range from incorrect authorization and format string weaknesses to OS command injection and authentication bypass issues.

Here are the details of the advisories:

Users are advised to update their Fortinet products to the latest versions to mitigate these vulnerabilities.

For a recommended upgrade path, Fortinet’s Upgrade Path Tool can be consulted. The company emphasizes the importance of staying vigilant and proactive in addressing security issues to ensure the integrity of its solutions.

Fortinet continues to demonstrate its commitment to security and customer safety by swiftly addressing potential vulnerabilities and providing timely updates.

As cybersecurity threats continue to evolve, maintaining updated software and following best practices are crucial for organizations to protect their networks effectively.

To report any security-related issues to Fortinet’s PSIRT or learn more about Fortinet’s security policies, users can visit the Fortinet PSIRT Policy page.

For further details on how to secure Fortinet products and services, users are encouraged to engage with Fortinet’s security community resources.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.