FortiAnalyzer / FortiAnalyzer-BigData / FortiManager - Syslog not protected by an extra layer of authentication

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer, FortiAnalyzer-BigData and FortiManager with FortiAnalyzer features may allow a remote unauthenticated attacker who knows an authorized device's serial number to send messages to the syslog server of FortiAnalyzer.

Affected Products

FortiAnalyzer-BigData version 7.2.0 through 7.2.5

FortiAnalyzer-BigData 7.0 all versions

FortiAnalyzer-BigData 6.4 all versions

FortiAnalyzer-BigData 6.2 all versions

FortiManager version 7.4.0

FortiManager version 7.2.0 through 7.2.3

FortiManager version 7.0.0 through 7.0.9

FortiManager 6.4 all versions

FortiManager 6.2 all versions

FortiAnalyzer version 7.4.0

FortiAnalyzer version 7.2.0 through 7.2.3

FortiAnalyzer version 7.0.0 through 7.0.9

FortiAnalyzer 6.4 all versions

FortiAnalyzer 6.2 all versions

Solutions

Please upgrade to FortiAnalyzer-BigData version 7.4.0 or above

Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above

Please upgrade to FortiManager version 7.4.1 or above

Please upgrade to FortiManager version 7.2.4 or above

Please upgrade to FortiManager version 7.0.10 or above

Please upgrade to FortiAnalyzer version 7.4.1 or above

Please upgrade to FortiAnalyzer version 7.2.4 or above

Please upgrade to FortiAnalyzer version 7.0.10 or above

AND

Configure the "un-encrypted-logging" option to disable receiving syslog without encryption through UDP(514) or TCP(514).

config system log setting
    set un-encrypted-logging disable
end
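The following check is an added example, not part of the original advisory or any Fortinet tooling: it tests a product and version against the affected ranges listed above and confirms that an exported configuration explicitly disables unencrypted logging, since the advisory requires both steps. The function names and the sample configuration are assumptions; versions are assumed to be plain dotted numbers, and FortiManager is assumed to be running with FortiAnalyzer features.

```python
import re

# Fixed releases per product and branch, from the Affected Products and Solutions
# lists above. None means every release on that branch is affected.
_FA = {"6.2": None, "6.4": None, "7.0": (7, 0, 10), "7.2": (7, 2, 4), "7.4": (7, 4, 1)}
FIXED = {
    "FortiAnalyzer": _FA,
    "FortiManager": _FA,
    "FortiAnalyzer-BigData": {"6.2": None, "6.4": None, "7.0": None,
                              "7.2": (7, 2, 6), "7.4": (7, 4, 0)},
}

def version_affected(product, version):
    """True/False for branches the advisory lists, None for any other branch."""
    parts = tuple(int(p) for p in version.split("."))
    branch = "%d.%d" % parts[:2]
    if branch not in FIXED[product]:
        return None
    fixed = FIXED[product][branch]
    return fixed is None or parts < fixed

def unencrypted_logging_disabled(config_text):
    """True only if the block named on the page explicitly sets the option to disable."""
    depth, in_block = 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0 and line == "config system log setting":
                in_block = True
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_block = False
        elif in_block and depth == 1:
            m = re.fullmatch(r"set un-encrypted-logging (\S+)", line)
            if m:
                return m.group(1) == "disable"
    return False  # option absent: not explicitly disabled, so treat as unverified

def remediated(product, version, config_text):
    """The advisory requires both steps: a fixed release AND the option disabled."""
    return (version_affected(product, version) is False
            and unencrypted_logging_disabled(config_text))

# Constructed sample configuration text, not taken from a real device.
SAMPLE = "config system log setting\n    set un-encrypted-logging disable\nend\n"
```

A `None` result from `version_affected` means the advisory does not list that branch, so `remediated` reports it as unverified rather than fixed.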

Acknowledgement

Internally discovered and reported by Francesco Pesare from Fortinet's professional services team.

Timeline

2023-10-02: Initial publication

2023-10-30: Adding FortiManager with FortiAnalyzer features