Alert GCSA-25088 - Vulnerabilita' multiple nei prodotti Fortinet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25088
Data: 14 Luglio 2025
Titolo: Vulnerabilita' multiple nei prodotti Fortinet
******************************************************************
:: Descrizione del problema
Fortinet ha rilasciato degli aggiornamenti per risolvere varie
vulnerabilita' presenti nei suoi prodotti:
FG-IR-24-437 SQL injection in forward module
FG-IR-24-511 PKI via API: Authentication granted with an invalid certificate
FG-IR-25-026 Heap-based buffer overflow in cw_stad daemon
FG-IR-24-053 DNS type 65 resource record requests bypass DNS filter
FG-IR-25-151 Unauthenticated SQL injection in GUI
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
FortiOS
FortiProxy
FortiManager
FortiAnalyzer
FortiSASE
FortiWeb
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Elusione delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni (ID)
:: Soluzioni
Applicare gli aggiornamenti rilasciati dal produttore:
https://fortiguard.fortinet.com/psirt/FG-IR-24-437
https://fortiguard.fortinet.com/psirt/FG-IR-24-511
https://fortiguard.fortinet.com/psirt/FG-IR-25-026
https://fortiguard.fortinet.com/psirt/FG-IR-24-053
https://fortiguard.fortinet.com/psirt/FG-IR-25-151
:: Riferimenti
Fortinet
https://www.fortiguard.com/psirt
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25257
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaHTNVw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC0xYAn0mQXk2B/zrGLInk0wQqu20VwTOwAJ9DQk6ae/ig
zqKXlS0xQmm858gzXw==
=o2+I
-----END PGP SIGNATURE-----
Hash: SHA256
******************************************************************
Alert ID: GCSA-25088
Data: 14 Luglio 2025
Titolo: Vulnerabilita' multiple nei prodotti Fortinet
******************************************************************
:: Descrizione del problema
Fortinet ha rilasciato degli aggiornamenti per risolvere varie
vulnerabilita' presenti nei suoi prodotti:
FG-IR-24-437 SQL injection in forward module
FG-IR-24-511 PKI via API: Authentication granted with an invalid certificate
FG-IR-25-026 Heap-based buffer overflow in cw_stad daemon
FG-IR-24-053 DNS type 65 resource record requests bypass DNS filter
FG-IR-25-151 Unauthenticated SQL injection in GUI
Maggiori informazioni sono disponibili alla sezione "Riferimenti".
:: Software / Tecnologie interessate
FortiOS
FortiProxy
FortiManager
FortiAnalyzer
FortiSASE
FortiWeb
:: Impatto
Esecuzione remota di codice arbitrario (RCE)
Elusione delle restrizioni di sicurezza (SRB)
Rivelazione di informazioni (ID)
:: Soluzioni
Applicare gli aggiornamenti rilasciati dal produttore:
https://fortiguard.fortinet.com/psirt/FG-IR-24-437
https://fortiguard.fortinet.com/psirt/FG-IR-24-511
https://fortiguard.fortinet.com/psirt/FG-IR-25-026
https://fortiguard.fortinet.com/psirt/FG-IR-24-053
https://fortiguard.fortinet.com/psirt/FG-IR-25-151
:: Riferimenti
Fortinet
https://www.fortiguard.com/psirt
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25257
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iGsEAREIACsWIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCaHTNVw0cY2VydEBnYXJy
Lml0AAoJEMGcTJNlEmBC0xYAn0mQXk2B/zrGLInk0wQqu20VwTOwAJ9DQk6ae/ig
zqKXlS0xQmm858gzXw==
=o2+I
-----END PGP SIGNATURE-----