{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>FortiADC versions ant\u00e9rieures \u00e0 7.1.2</li> <li>FortiADC versions 7.2.x ant\u00e9rieures \u00e0 7.2.1</li> <li>FortiNAC versions ant\u00e9rieures \u00e0 9.4.3</li> <li>FortiNAC-F versions 7.2.x ant\u00e9rieures \u00e0 7.2.1</li> <li>FortiOS versions 6.x ant\u00e9rieures \u00e0 6.2.14</li> <li>FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.12</li> <li>FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11</li> <li>FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.4</li> <li>FortiProxy versions ant\u00e9rieures \u00e0 7.0.8</li> <li>FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.2</li> </ul> <p>Fortinet recommande de changer de mot de passe apr\u00e8s la mise \u00e0 jour de FortiNAC.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-27999","url":"https://www.cve.org/CVERecord?id=CVE-2023-27999"},{"name":"CVE-2022-45860","url":"https://www.cve.org/CVERecord?id=CVE-2022-45860"},{"name":"CVE-2023-26203","url":"https://www.cve.org/CVERecord?id=CVE-2023-26203"},{"name":"CVE-2022-43950","url":"https://www.cve.org/CVERecord?id=CVE-2022-43950"},{"name":"CVE-2022-45859","url":"https://www.cve.org/CVERecord?id=CVE-2022-45859"},{"name":"CVE-2023-22640","url":"https://www.cve.org/CVERecord?id=CVE-2023-22640"},{"name":"CVE-2023-27993","url":"https://www.cve.org/CVERecord?id=CVE-2023-27993"},{"name":"CVE-2022-45858","url":"https://www.cve.org/CVERecord?id=CVE-2022-45858"},{"name":"CVE-2023-22637","url":"https://www.cve.org/CVERecord?id=CVE-2023-22637"}],"links":[],"reference":"CERTFR-2023-AVI-0355","revisions":[{"description":"Version initiale","revision_date":"2023-05-04T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-456 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-456"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-520 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-520"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-475 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-475"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-297 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-297"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-23-013 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-23-013"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-464 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-464"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-407 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-407"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-22-452 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-22-452"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 FG-IR-23-069 du 03 mai 2023","url":"https://www.fortiguard.com/psirt/FG-IR-23-069"}]}