Fortinet has released critical updates for some of its products. The products affected by the vulnerabilities are FortiProxy and FortiWeb.
The vulnerabilities can leave systems exposed to attacks ranging from RCE to DoS.
The affected products and update links are available in the table below.
CVE ID | Vulnerability type | Impacted products | Fixed versions | Date first published | Date Fixed |
CVE-2018-13383 | DoS, RCE | FortiProxy SSL VPN 2.0.0 and below, 1.2.8 and below, 1.1.6 and below, 1.0.7 and below. | FortiProxy SSL VPN >= 2.0.1 and >= 1.2.9. | April 2, 2019 | February 1, 2021 |
CVE-2018-13381 | DoS | FortiProxy SSL VPN 2.0.0 and below, 1.2.8 and below, 1.1.6 and below, 1.0.7 and below. | FortiProxy SSL VPN >= 2.0.1 and >= 1.2.9. | May 17, 2019 | February 1, 2021 |
CVE-2020-29015 | SQL Injection | FortiWeb 6.3.7 and below, 6.2.3 and below. | FortiWeb >= 6.3.8, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021 |
CVE-2020-29016 | RCE | FortiWeb 6.3.5 and below, 6.2.3 and below | FortiWeb >= 6.3.6, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021 |
CVE-2020-29017 | RCE | FortiDeceptor 3.1.0 and below, 3.0.1 and below. | FortiDeceptor >= 3.2.0, >= 3.1.1, >= 3.0.2 | Jan 4, 2021 | Jan 4, 2021 |
CVE-2020-29018 | RCE | FortiWeb 6.3.5 and below | FortiWeb >= 6.3.6 | Jan 4, 2021 | Jan 4, 2021 |
CVE-2020-29019 | DoS | FortiWeb 6.3.7 and below, 6.2.3 and below | FortiWeb >= 6.3.8, >= 6.2.4 | Jan 4, 2021 | Jan 4, 2021 |
Source: bleepingcomputer.com