PSIRTInsertion of Sensitive Information Into Sent Data Vulnerability in csfd daemon
Summary
An Insertion of Sensitive Information Into Sent Data Vulnerability in Fortimanager, FortiMail, FortiNDR, FortOS, FortiPAM, FortiProxy, FortiRecorder, FortiTester, FortiVoice, FortiWeb csfd daemon may allow a remote authenticated attacker to read small and non-arbitrary parts of memory.
| Version | Affected | Solution |
|---|---|---|
| FortiMail 7.6 | Not affected | Not Applicable |
| FortiMail 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiMail 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiMail 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiManager 7.6 | 7.6.0 through 7.6.1 | Upgrade to 7.6.2 or above |
| FortiManager 7.4 | 7.4.1 through 7.4.3 | Upgrade to 7.4.4 or above |
| FortiManager 7.2 | Not affected | Not Applicable |
| FortiManager 7.0 | Not affected | Not Applicable |
| FortiManager 6.4 | Not affected | Not Applicable |
| FortiManager Cloud 7.4 | 7.4.1 through 7.4.3 | Upgrade to 7.4.4 or above |
| FortiNDR 7.6 | 7.6.0 through 7.6.1 | Upgrade to 7.6.2 or above |
| FortiNDR 7.4 | 7.4.0 through 7.4.8 | Upgrade to 7.4.9 or above |
| FortiNDR 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiNDR 7.1 | 7.1 all versions | Migrate to a fixed release |
| FortiNDR 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiNDR 1.5 | 1.5 all versions | Migrate to a fixed release |
| FortiOS 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.15 | Upgrade to 7.0.16 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.15 | Upgrade to 6.4.16 or above |
| FortiOS 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiPAM 1.7 | Not affected | Not Applicable |
| FortiPAM 1.6 | Not affected | Not Applicable |
| FortiPAM 1.5 | Not affected | Not Applicable |
| FortiPAM 1.4 | Not affected | Not Applicable |
| FortiPAM 1.3 | 1.3 all versions | Migrate to a fixed release |
| FortiPAM 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiPAM 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiProxy 7.6 | Not affected | Not Applicable |
| FortiProxy 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.10 | Upgrade to 7.2.11 or above |
| FortiProxy 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiProxy 2.0 | 2.0 all versions | Migrate to a fixed release |
| FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiRecorder 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
| FortiRecorder 7.0 | 7.0.0 through 7.0.4 | Upgrade to 7.0.5 or above |
| FortiRecorder 6.4 | Not affected | Not Applicable |
| FortiSASE 24.4 | Not affected | Not Applicable |
| FortiSASE 24.3 | 24.3.a | Fortinet remediated this issue in 24.3.b and hence customers do not need to perform any action. |
| FortiSASE 23.3 | Not affected | Not Applicable |
| FortiSASE 23.2 | Not affected | Not Applicable |
| FortiSASE 23.1 | Not affected | Not Applicable |
| FortiSASE 22 | Not affected | Not Applicable |
| FortiTester 7.6 | Not affected | Not Applicable |
| FortiTester 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiTester 7.3 | 7.3 all versions | Migrate to a fixed release |
| FortiTester 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiTester 7.1 | 7.1 all versions | Migrate to a fixed release |
| FortiTester 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiTester 4.2 | 4.2 all versions | Migrate to a fixed release |
| FortiVoice 7.2 | Not affected | Not Applicable |
| FortiVoice 7.0 | 7.0.0 through 7.0.4 | Upgrade to 7.0.5 or above |
| FortiVoice 6.4 | 6.4.0 through 6.4.9 | Upgrade to 6.4.10 or above |
| FortiVoice 6.0 | 6.0.7 through 6.0.12 | Migrate to a fixed release |
| FortiWeb 8.0 | Not affected | Not Applicable |
| FortiWeb 7.6 | 7.6.0 | Upgrade to 7.6.1 or above |
| FortiWeb 7.4 | 7.4.0 through 7.4.4 | Upgrade to 7.4.5 or above |
| FortiWeb 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiWeb 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiWeb 6.4 | 6.4 all versions | Migrate to a fixed release |