heise PlusAbo
Anzeige

Malware vulnerabilities threaten FortiOS, FortiSandbox & Co.

Several Fortinet products are vulnerable. Security patches provide a remedy.

listen Print view
An appliance connects many clients with cables through the cloud. You and a few clients burn.

(Image: Bild erstellt mit KI in Bing Image Creator durch heise online / dmk)

1 min. read
Security
By

Under certain conditions, attackers can target FortiAnalyzer, FortiOS, FortiSandbox, FortiPAM, FortiProxy and FortiWeb. So far, however, there is no information about ongoing attacks. However, admins should not wait too long to install the security updates.

Preventing attacks

As can be seen from the IT security section of the Fortinet website, various versions of the products mentioned are vulnerable. The most dangerous is a vulnerability (CVE-2024-52961 “high”) in FortiSandbox 3.0 up to and including 5.0.

Because inputs are not sufficiently sanitized, attackers can execute their commands without authentication using special, unspecified inputs. However, this should require at least read-only authorizations. Editions 4.0.6, 4.2.8, 4.4.7 and 5.0.1 are equipped against this.

Videos by heise

FortiOS, FortiPAM, FortiProxy and FortiWeb are vulnerable to malicious code attacks (CVE-2024-45324 “high”), among other things. The network supplier lists the editions that are equipped against this in a warning message.

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten