amaneul
New Member
March 29, 2025
Question

New CVE incoming for FortiOS 6.4.15 and earlier?

  • March 29, 2025
  • 2 replies
  • 1349 views

Just noticed that 6.4.16 was just released - considering the age of the OS version, this usually points to some serious security flaw ... !?

2 replies

chittasha1
New Member
March 29, 2025

If you have, e.g., some 60F running with ZTNA tags for NAC, that's gone. If you still use SSL VPN because IPsec so far doesn't support all the features you need, it's gone. If you had some system in the DMZ behind WAP, it's gone. And a 60F on 7.2.x is a powerful device which can handle all of that easily.

AEK
SuperUser
March 29, 2025

Yes it is.

FOS 6.4.16, released on 2025-03-27, handles the following CVEs:

 

| Bug ID | CVE references |
|---|---|
| 761464 | FortiOS 6.4.16 is no longer vulnerable to the following CVE Reference: CVE-2023-36640, CVE-2023-45583 |
| 1029403 | FortiOS 6.4.16 is no longer vulnerable to the following CVE Reference: CVE-2024-35279 |

 

Resolved issues:

https://docs.fortinet.com/document/fortigate/6.4.16/fortios-release-notes/289806/resolved-issues

 

PSIRT:

https://www.fortiguard.com/psirt/FG-IR-23-137  (CVSSv3 Score: 6.5)

https://www.fortiguard.com/psirt/FG-IR-24-160  (CVSSv3 Score: 7.7)

AEK