{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"FortiClientEMS 6.2 toutes versions","product":{"name":"FortiClientEMS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.14","product":{"name":"FortiManager","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiProxy versions 7.4.x ant\u00e9rieures \u00e0 7.4.3","product":{"name":"FortiProxy","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.14","product":{"name":"FortiOS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.2","product":{"name":"FortiManager","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiAnalyzer versions 7.2.x ant\u00e9rieures \u00e0 7.2.4","product":{"name":"FortiAnalyzer","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.15","product":{"name":"FortiProxy","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1","product":{"name":"FortiPortal","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiClientEMS 6.0 toutes versions","product":{"name":"FortiClientEMS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiAnalyzer versions 7.4.x ant\u00e9rieures \u00e0 7.4.2","product":{"name":"FortiAnalyzer","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiAnalyzer-BigData versions 7.2.x ant\u00e9rieures \u00e0 7.2.6","product":{"name":"FortiAnalyzer","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiAnalyzer versions 7.0.x ant\u00e9rieures \u00e0 7.0.10","product":{"name":"FortiAnalyzer","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiClientEMS 6.4 toutes versions","product":{"name":"FortiClientEMS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiOS versions 6.2.x ant\u00e9rieures \u00e0 6.2.16","product":{"name":"FortiOS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4","product":{"name":"FortiManager","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiOS versions 7.2.x ant\u00e9rieures \u00e0 7.2.7","product":{"name":"FortiOS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiPortal versions 7.0.x ant\u00e9rieures \u00e0 7.0.7","product":{"name":"FortiPortal","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiOS versions 7.4.x ant\u00e9rieures \u00e0 7.4.2","product":{"name":"FortiOS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiPortal versions ant\u00e9rieures \u00e0 7.0.0","product":{"name":"FortiPortal","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiClientEMS versions 7.0.x ant\u00e9rieures \u00e0 7.0.11","product":{"name":"FortiClientEMS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiClientEMS versions 7.2.x ant\u00e9rieures \u00e0 7.2.3","product":{"name":"FortiClientEMS","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiAnalyzer-BigData versions 7.4.x ant\u00e9rieures \u00e0 7.4.0","product":{"name":"FortiAnalyzer","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiManager versions 7.0.x. ant\u00e9rieures \u00e0 7.0.11","product":{"name":"FortiManager","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.9","product":{"name":"FortiProxy","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiProxy versions 2.0.x ant\u00e9rieures \u00e0 2.0.14","product":{"name":"FortiProxy","vendor":{"name":"Fortinet","scada":false}}},{"description":"FortiOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.15","product":{"name":"FortiOS","vendor":{"name":"Fortinet","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nS\u2019il n\u2019est pas possible de proc\u00e9der \u00e0 l\u2019installation d\u2019une version\ncorrigeant la vuln\u00e9rabilit\u00e9, se r\u00e9f\u00e9rer aux mesures de contournement\npropos\u00e9es par l\u2019\u00e9diteur \u00e0 la section *Workaround*.\n","cves":[{"name":"CVE-2024-21761","url":"https://www.cve.org/CVERecord?id=CVE-2024-21761"},{"name":"CVE-2023-42790","url":"https://www.cve.org/CVERecord?id=CVE-2023-42790"},{"name":"CVE-2023-41842","url":"https://www.cve.org/CVERecord?id=CVE-2023-41842"},{"name":"CVE-2023-48788","url":"https://www.cve.org/CVERecord?id=CVE-2023-48788"},{"name":"CVE-2024-23112","url":"https://www.cve.org/CVERecord?id=CVE-2024-23112"},{"name":"CVE-2023-46717","url":"https://www.cve.org/CVERecord?id=CVE-2023-46717"},{"name":"CVE-2023-42789","url":"https://www.cve.org/CVERecord?id=CVE-2023-42789"},{"name":"CVE-2023-47534","url":"https://www.cve.org/CVERecord?id=CVE-2023-47534"},{"name":"CVE-2023-36554","url":"https://www.cve.org/CVERecord?id=CVE-2023-36554"}],"links":[],"reference":"CERTFR-2024-AVI-0212","revisions":[{"description":"Version initiale","revision_date":"2024-03-13T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits Fortinet</span>. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-007 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-24-007"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-304 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-23-304"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-016 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-24-016"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-328 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-23-328"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-424 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-23-424"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-390 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-23-390"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-103 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-23-103"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-013 du 12 mars 2024","url":"https://www.fortiguard.com/psirt/FG-IR-24-013"}]}