PT-2025-24710 · Fortinet · Fortiproxy+1
Published: 2025-06-10 · Updated: 2025-06-10
CVE-2024-50568
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 7.0.0 through 7.0.13
Fortinet FortiOS versions 7.2.0 through 7.2.7
Fortinet FortiOS versions 7.4.0 through 7.4.3
Fortinet FortiProxy versions 7.0.0 through 7.0.15
Fortinet FortiProxy versions 7.2.0 through 7.2.9
Fortinet FortiProxy versions 7.4.0 through 7.4.3
Description
A channel accessible by non-endpoint vulnerability in Fortinet products allows an unauthenticated attacker with knowledge of device-specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests.
Recommendations
For Fortinet FortiOS versions 7.0.0 through 7.0.13, update to a version after 7.0.13.
For Fortinet FortiOS versions 7.2.0 through 7.2.7, update to a version after 7.2.7.
For Fortinet FortiOS versions 7.4.0 through 7.4.3, update to a version after 7.4.3.
For Fortinet FortiProxy versions 7.0.0 through 7.0.15, update to a version after 7.0.15.
For Fortinet FortiProxy versions 7.2.0 through 7.2.9, update to a version after 7.2.9.
For Fortinet FortiProxy versions 7.4.0 through 7.4.3, update to a version after 7.4.3.
Affected Products
FortiOS
FortiProxy