FG-IR-21-201 - PSIRT Advisory
Hi Folks,
Need some help here.
There was a vulnerability CVE 2021-4168 that affected FortiOS versions.
If I am running the affected FortiOS version, but have not subscribed to FortiGuard Distribution Services, do I still have to patch based on Fortinet's recommendations?
I am unable to run the affected command ("execute restore src-vis") used in FDS, and therefore do not think that there would be any vulnerability exposure.
Would appreciate any help here.
Regards,
WH.
- Labels: FortiGate, FortiGuard
Hi,
If you do run one of the affected versions, which are all more than a year old, and if you do have user (admin) accounts able to log in directly to the FGT unit to be able to "execute" commands on the unit itself, then I would suggest updating.
Especially if you do run early 7.0, because of CVE-2022-40684 / https://www.fortiguard.com/psirt/FG-IR-22-377
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
