Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products


Apr 8, 2025 - 16:01

Fortinet has disclosed and addressed multiple vulnerabilities across its product suite, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch.

These vulnerabilities range from improper output neutralization for logs to unverified password changes and insufficiently protected credentials. The company has issued patches and mitigation strategies to safeguard users against potential exploitation.

Insufficiently Protected Credentials Vulnerability in FortiOS

One of the critical vulnerabilities identified in FortiOS involves insufficiently protected credentials (CWE-522). This flaw could allow a privileged authenticated attacker to retrieve LDAP credentials by redirecting the LDAP server IP address in the configuration to a malicious server.

Affected Versions:

  • All versions of FortiOS 7.4, 7.2, 7.0, and 6.4 are vulnerable.
  • FortiOS 7.6 is not affected.

Users are advised to migrate to fixed releases using Fortinet’s upgrade tool. Fortinet acknowledged Vladislav Driev and Oleg Labyntsev for responsibly reporting this vulnerability.

Improper Output Neutralization for Logs in FortiManager and FortiAnalyzer

Another vulnerability (CWE-117) affects FortiManager and FortiAnalyzer, potentially allowing unauthenticated, remote attackers to pollute logs via crafted login requests.

Affected Versions:

  • Vulnerable versions include 7.6.0–7.6.1 for both products.
  • Earlier versions such as 7.4.x and 7.2.x are also affected.

Users should upgrade to versions 7.6.2 or above for FortiManager and FortiAnalyzer. Fortinet credited Alexandre Labb from A1 Digital International for identifying this issue.
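The CWE-117 pattern behind the FortiManager/FortiAnalyzer issue, as an added illustration written for this article (not Fortinet's code; the login-record field names and the sample username are constructed assumptions): a request-controlled field written verbatim lets one login attempt produce more than one log record, neutralizing the field at write time prevents it, and a structural check can flag records that were cut short after the fact.

```python
import re

# Constructed login audit record in a key=value style; the field names are an
# assumption for illustration, not Fortinet's real log schema.
LOG_FMT = ('date=2025-04-08 time=16:01:00 user="{user}" '
           'srcip={ip} action=login status={status}')

# A whole, well-formed record: quoted user field, then the remaining fields.
RECORD_RE = re.compile(
    r'^date=\S+ time=\S+ user="(?:[^"\\]|\\.)*" srcip=\S+ action=\S+ status=\S+$')

_CONTROL = re.compile(r'[\x00-\x1f\x7f]')


def naive_log_line(user, ip, status):
    """CWE-117 pattern: the request-controlled field is embedded verbatim, so a
    value containing CR/LF ends the record early and starts a new one."""
    return LOG_FMT.format(user=user, ip=ip, status=status)


def neutralize(value, max_len=64):
    """Bound the length, escape backslash and double quote, and hex-escape every
    control character so one submitted field can only yield one log record."""
    value = value[:max_len].replace('\\', '\\\\').replace('"', '\\"')
    return _CONTROL.sub(lambda m: '\\x%02x' % ord(m.group()), value)


def safe_log_line(user, ip, status):
    """Same record, with the untrusted field neutralized before formatting."""
    return LOG_FMT.format(user=neutralize(user), ip=ip, status=status)


def find_malformed_records(log_text):
    """Retrospective check on a log that may already be polluted: return the
    (1-based line number, line) pairs that do not parse as a whole record.
    This catches records cut short by an injected line break; an injected line
    that is itself well-formed cannot be told apart, which is why neutralizing
    at write time, not filtering afterwards, is the actual fix."""
    return [(n, line) for n, line in enumerate(log_text.splitlines(), 1)
            if not RECORD_RE.match(line)]


# Constructed sample username carrying a line break and a fake follow-on record.
CRAFTED_USER = ('admin\ndate=2025-04-08 time=16:01:01 user="audit" '
                'srcip=10.0.0.5 action=login status=success\n')

if __name__ == '__main__':
    polluted = naive_log_line(CRAFTED_USER, '203.0.113.9', 'failed')
    print(polluted)                          # three lines from one request
    print(find_malformed_records(polluted))  # lines 1 and 3 flagged, line 2 passes
    print(safe_log_line(CRAFTED_USER, '203.0.113.9', 'failed'))  # one record
```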

Man-in-the-Middle Vulnerability Across Multiple Products

A man-in-the-middle vulnerability (CWE-923) was found in several products, including FortiOS, FortiProxy, FortiManager, and others.

This flaw could enable attackers to impersonate management devices by intercepting authentication requests between managed devices and management systems such as FortiCloud or FortiManager.

Affected Versions:

  • Vulnerable versions span multiple releases of FortiOS (6.x–7.x), FortiProxy (2.x–7.x), and other products such as FortiVoice and FortiWeb.

Users should upgrade to fixed versions as specified in the advisory. Théo Leleu of the Product Security team and Stephen Bevan from the Development team at Fortinet internally discovered this vulnerability.

Unverified Password Change Vulnerability in FortiSwitch GUI

Fortinet also disclosed an unverified password change vulnerability (CWE-620) in the GUI of its FortiSwitch product. This issue could allow remote unauthenticated attackers to modify admin passwords through specially crafted requests.

Affected Versions:

  • Versions 6.4.x–7.x are vulnerable.

Upgrade to fixed versions or disable HTTP/HTTPS access from administrative interfaces as a workaround. Daniel Rozeboom of the FortiSwitch web UI development team was credited for discovering this flaw.

Fortinet strongly recommends users upgrade their systems immediately using its upgrade tool or apply available workarounds where patching is not feasible.

The company has worked closely with researchers and international agencies to ensure timely disclosure and mitigation strategies.

Acknowledging the contributions of security researchers like Vladislav Driev, Oleg Labyntsev, Alexandre Labb, Théo Leleu, Stephen Bevan, and Daniel Rozeboom under responsible disclosure practices underscores the collaborative effort in addressing these vulnerabilities.

All advisories were published on April 8, 2025, an essential step in maintaining transparency and customer security across Fortinet's product ecosystem.

Users can refer to Fortinet’s official documentation for detailed guidance on upgrading or mitigating risks associated with these vulnerabilities.


The post Fortinet Addresses Multiple Vulnerabilities in FortiAnalyzer, FortiManager, & Other Products appeared first on Cyber Security News.