A recently discovered vulnerability affects Fortinet FortiOS products, which include networking hardware such as firewalls and network equipment. For more information on the critical role firewalls play in a business environment, we encourage you to read our latest blog post: here
Although the current vulnerability has been classified as medium in severity, it is part of a recent FortiOS update, and Huon IT strongly recommends that you update your hardware to the latest patched version as soon as possible.
Version | Affected | Solution |
---|---|---|
FortiOS 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
FortiOS 7.4 | 7.4.0 through 7.4.7 | Upgrade to 7.4.8 or above |
FortiOS 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
FortiOS 7.0 | 7.0 all versions | Migrate to a fixed release |
FortiOS 6.4 | 6.4 all versions | Migrate to a fixed release |
CVE-2024-52963: Out-of-bounds Write in IPSEC Daemon
An out-of-bounds write in FortiOS IPSEC daemon could allow an unauthenticated attacker to perform a denial of service under certain conditions beyond the attacker's control.
You can read more details about the vulnerability in the official notification here: Fortinet Notification
This vulnerability impacts most FortiGate devices running FortiOS, including FortiGates, FortiSwitches, FortiAPs, and more.
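To check a device inventory against the version table above, the following added example (not part of the original notice or any Fortinet tooling) classifies each FortiOS version and returns the action from the table. The `hostname,version` CSV layout, the hostnames and the function names are assumptions made for illustration.

```python
import csv
import io
import re

# Transcribed from the table above: branch -> (last affected patch, first fixed version).
# None as the last affected patch means "all versions" of that branch.
AFFECTED = {
    (7, 6): (0, "7.6.1"),
    (7, 4): (7, "7.4.8"),
    (7, 2): (10, "7.2.11"),
    (7, 0): (None, None),
    (6, 4): (None, None),
}

def classify(version):
    """Return (status, action) for one FortiOS version string such as '7.4.3'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return ("unparsed", "check the device manually")
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) not in AFFECTED:
        return ("not listed", "branch is not in the table; consult the vendor advisory")
    last_bad, fixed = AFFECTED[(major, minor)]
    if last_bad is None:
        return ("affected", "migrate to a fixed release")
    if patch <= last_bad:
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", "no action needed for CVE-2024-52963")

def triage(inventory_csv):
    """Classify every row of a 'hostname,version' CSV; affected devices sort first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        status, action = classify(rec["version"])
        rows.append((rec["hostname"], rec["version"], status, action))
    order = {"affected": 0, "unparsed": 1, "not listed": 2, "fixed": 3}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = """hostname,version
fw-branch-01,7.4.7
fw-hq-01,7.4.8
fw-dc-01,7.2.10
fw-lab-01,7.0.15
fw-old-01,6.2.9
fw-new-01,7.6.1
fw-unknown,n/a
"""

if __name__ == "__main__":
    for host, ver, status, action in triage(SAMPLE):
        print(f"{host:14} {ver:8} {status:10} {action}")
```

Versions that cannot be parsed or that belong to a branch the table does not list are reported separately rather than treated as safe, so they still get a manual check.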