Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
greeve
New Contributor II

Created on ‎06-12-2023 04:49 AM

Forticlient EMS Apache CVE-2023-25690

The latest build of FortiClient EMS ships apache version 2.4.54, which is vulnerable to CVE-2023-25690 and others.


Is there a planned fix, or is it possible to upgrade apache independently to the rest of the application?


Thanks.

Labels:
1817
0 Kudos
1 Solution
srajeswaran
Staff
Staff

Created on ‎06-14-2023 10:19 PM

This is fixed from 7.2.1 versions and that is the latest build for EMS. Are you saying you are seeing the issue on 7.2.1 or 7.2.0 ?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

1767
7 REPLIES 7
Anthony_E
Community Manager
Community Manager

Created on ‎06-14-2023 09:25 PM

Hello greeve,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
1777
0 Kudos
srajeswaran
Staff
Staff

Created on ‎06-14-2023 10:19 PM

This is fixed from 7.2.1 versions and that is the latest build for EMS. Are you saying you are seeing the issue on 7.2.1 or 7.2.0 ?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1768
greeve
New Contributor II
In response to srajeswaran

Created on ‎06-15-2023 02:48 AM

Thanks for the help srajeswaran. The issue was on 7.2.0, apologies for not being specific. There was no 7.2.1 at the time; looks like it was released on the day I asked the question.

1745
DRZ123
New Contributor
In response to srajeswaran

Created on ‎07-13-2023 01:10 PM

Suraj,

 

Do you know where I can find a table or document that shows the Apache versions associated with the EMS version?  The 7.2.1 release is brand new and we prefer to test new releases for a few months prior to whitelisting them for deployment so if 7.0.8's Apache build will also resolve the issue we'd deploy it instead.  Any sort of document showing the EMS/Apache build versions together would be a big help.

 

Regards,

Blake Webb

 

1526
0 Kudos
greeve
New Contributor II
In response to DRZ123

Created on ‎07-16-2023 06:15 AM

I'm afraid I don't know. In fact I haven't seen httpd or Apache mentioned at all in any documentation I've read.

1503
0 Kudos
srajeswaran
Staff
Staff
In response to DRZ123

Created on ‎07-16-2023 06:31 AM

Hello Blake,
I can't see any table/document for Apache and EMS versions, but I can see that the fix for this issue is in 7.0.9 (release expected this week).

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1495
0 Kudos
ganesh_karale
New Contributor
In response to srajeswaran

Created on ‎07-24-2023 11:25 PM

Dear Suraj,

 

One of our customer having EMS 7.0.8. Are we still need to upgrade the EMS?

1395
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.