Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
greeve
New Contributor II

Forticlient EMS Apache CVE-2023-25690

The latest build of FortiClient EMS ships apache version 2.4.54, which is vulnerable to CVE-2023-25690 and others.


Is there a planned fix, or is it possible to upgrade apache independently to the rest of the application?


Thanks.

1 Solution
srajeswaran
Staff
Staff

This is fixed from 7.2.1 versions and that is the latest build for EMS. Are you saying you are seeing the issue on 7.2.1 or 7.2.0 ?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

7 REPLIES 7
Anthony_E
Community Manager
Community Manager

Hello greeve,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
srajeswaran
Staff
Staff

This is fixed from 7.2.1 versions and that is the latest build for EMS. Are you saying you are seeing the issue on 7.2.1 or 7.2.0 ?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
greeve
New Contributor II

Thanks for the help srajeswaran. The issue was on 7.2.0, apologies for not being specific. There was no 7.2.1 at the time; looks like it was released on the day I asked the question.

DRZ123

Suraj,

 

Do you know where I can find a table or document that shows the Apache versions associated with the EMS version?  The 7.2.1 release is brand new and we prefer to test new releases for a few months prior to whitelisting them for deployment so if 7.0.8's Apache build will also resolve the issue we'd deploy it instead.  Any sort of document showing the EMS/Apache build versions together would be a big help.

 

Regards,

Blake Webb

 

greeve
New Contributor II

I'm afraid I don't know. In fact I haven't seen httpd or Apache mentioned at all in any documentation I've read.

srajeswaran

Hello Blake,
I can't see any table/document for Apache and EMS versions, but I can see that the fix for this issue is in 7.0.9 (release expected this week).

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
ganesh_karale

Dear Suraj,

 

One of our customer having EMS 7.0.8. Are we still need to upgrade the EMS?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors