CERT-In Issues Critical Warning for FortiOS & FortiProxy Vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory regarding multiple vulnerabilities discovered in Fortinet FortiOS and FortiProxy. These vulnerabilities could allow an attacker to execute arbitrary code, cause denial-of-service conditions, or bypass security restrictions on affected systems.
Vulnerability Details
The vulnerabilities affect multiple versions of FortiOS and FortiProxy, including the latest stable releases. The most critical among them allow for remote code execution without authentication — making them especially dangerous for enterprises that have not applied the latest patches.
Affected Products
- FortiOS 7.4.x (all versions below 7.4.5)
- FortiOS 7.2.x (all versions below 7.2.9)
- FortiOS 7.0.x (all versions below 7.0.15)
- FortiProxy 7.4.x (all versions below 7.4.3)
- FortiProxy 7.2.x (all versions below 7.2.9)
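The version thresholds above can be checked against a device inventory with a short script. This is an added example, not code from CERT-In, Fortinet or the original page; the `hostname,product,version` inventory format, the hostnames and the function names are assumptions. Versions are compared as integer tuples so that 7.0.9 correctly sorts below 7.0.15.

```python
import re
# First fixed release per product and branch, copied from the list above.
FIXED = {
    ("fortios", (7, 4)): (7, 4, 5),
    ("fortios", (7, 2)): (7, 2, 9),
    ("fortios", (7, 0)): (7, 0, 15),
    ("fortiproxy", (7, 4)): (7, 4, 3),
    ("fortiproxy", (7, 2)): (7, 2, 9),
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def classify(product, version):
    """Return 'affected', 'patched', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.search(version)
    if not m:
        return "unparsed"
    ver = tuple(int(p) for p in m.groups())  # ints, so 7.0.9 < 7.0.15
    fixed = FIXED.get((product.strip().lower(), ver[:2]))
    if fixed is None:
        return "not-listed"  # branch not named in the list above
    return "affected" if ver < fixed else "patched"


def triage(inventory):
    """Parse 'hostname,product,version' lines into (hostname, status) pairs."""
    results = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, product, version = (f.strip() for f in line.split(",", 2))
        results.append((host, classify(product, version)))
    return results


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = """
fw-edge-01,FortiOS,v7.4.4
fw-branch-07,FortiOS,v7.0.9
fw-lab-01,FortiOS,6.4.14
px-dmz-01,FortiProxy,7.2.9
px-dmz-02,FortiProxy,7.4.2
fw-old-03,FortiOS,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:14} {status}")
```

A `not-listed` or `unparsed` result means the list above says nothing about that device, not that it is safe; those entries need a manual check.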
Recommended Actions
- Upgrade FortiOS to the latest patched version immediately
- Upgrade FortiProxy to the latest patched version immediately
- Review firewall rules and restrict management access to trusted IPs
- Enable multi-factor authentication for all administrative accounts
- Monitor logs for unusual activity
Need Help Patching Your Fortinet Devices?
P J Networks, as a Fortinet Gold MSSP Partner, can assist with vulnerability assessment, patch management, and security hardening for your Fortinet infrastructure.