An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer, FortiAnalyzer-BigData and FortiManager with FortiAnalyzer features may allow a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number.
FortiAnalyzer-BigData version 7.2.0 through 7.2.5
FortiAnalyzer-BigData 7.0 all versions
FortiAnalyzer-BigData 6.4 all versions
FortiAnalyzer-BigData 6.2 all versions
FortiManager version 7.4.0
FortiManager version 7.2.0 through 7.2.3
FortiManager version 7.0.0 through 7.0.9
FortiManager 6.4 all versions
FortiManager 6.2 all versions
FortiAnalyzer version 7.4.0
FortiAnalyzer version 7.2.0 through 7.2.3
FortiAnalyzer version 7.0.0 through 7.0.9
FortiAnalyzer 6.4 all versions
FortiAnalyzer 6.2 all versions
Please upgrade to FortiAnalyzer-BigData version 7.4.0 or above
Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above
Please upgrade to FortiManager version 7.4.1 or above
Please upgrade to FortiManager version 7.2.4 or above
Please upgrade to FortiManager version 7.0.10 or above
Please upgrade to FortiAnalyzer version 7.4.1 or above
Please upgrade to FortiAnalyzer version 7.2.4 or above
Please upgrade to FortiAnalyzer version 7.0.10 or above
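The affected ranges and fix versions above, as an added triage helper (not Fortinet's code): it compares versions numerically, since 7.0.10 sorts before 7.0.9 as a string, and for branches where all versions are affected it reports the lowest fixed release this advisory lists for the product. The function names, the accepted version-string format and the sample inventory are constructed for illustration.

```python
import re

ALL = (0, None, None)  # "all versions": no fixed patch listed in that branch
# branch -> (first affected patch, last affected patch, first fixed patch)
FAZ = {(7, 4): (0, 0, 1), (7, 2): (0, 3, 4), (7, 0): (0, 9, 10),
       (6, 4): ALL, (6, 2): ALL}
RANGES = {
    "FortiAnalyzer": FAZ,
    "FortiManager": FAZ,  # applies only when FortiAnalyzer features are in use
    "FortiAnalyzer-BigData": {(7, 2): (0, 5, 6), (7, 0): ALL,
                              (6, 4): ALL, (6, 2): ALL},
}

def parse_version(text):
    """Turn '7.0.10' or a constructed form like 'v7.0.10-build0365' into (7, 0, 10)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, version):
    """Return (affected, upgrade_target); upgrade_target is None if not listed as affected."""
    branches = RANGES[product]
    major, minor, patch = parse_version(version)
    entry = branches.get((major, minor))
    if entry is None:
        return False, None  # branch is not listed in this advisory
    low, high, fixed = entry
    if patch < low or (high is not None and patch > high):
        return False, None
    if fixed is not None:
        return True, f"{major}.{minor}.{fixed}"
    # No fix inside this branch: use the lowest fixed release listed for the product.
    target = min(b + (f,) for b, (_, _, f) in branches.items() if f is not None)
    return True, ".".join(map(str, target))

if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for product, version in [("FortiAnalyzer", "v7.0.9-build0365"),
                             ("FortiAnalyzer-BigData", "7.4.0"),
                             ("FortiManager", "6.4.12")]:
        print(product, version, triage(product, version))
```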
Configure the "un-encrypted-logging" option to disable receiving syslog without encryption through UDP(514) or TCP(514).
config system log setting
set un-encrypted-logging disable
Acknowledgement
Internally discovered and reported by Francesco Pesare from Fortinet's professional services team.
2023-10-02: Initial publication
2023-10-30: Adding FortiManager with FortiAnalyzer features