CamSA25-01: ចំណុចខ្សោយធ្ងន់ធ្ងរបំផុតនៅក្នុងផលិតផលក្រុមហ៊ុន Fortinet

១. ព័ត៌មានទូទៅ

ក្រុមហ៊ុន Fortinet បានចេញសេចក្តីណែនាំសន្តិសុខអំពីការអាប់ដេតទៅលើចំណុចដែលងាយរងគ្រោះដើម្បីជួសជុលបិទចន្លោះប្រហោង (ចំណុចខ្សោយ) ជាច្រើន មានក្នុងផលិតផលរបស់ខ្លួន នាខែមករា ឆ្នាំ២០២៥ ដែលមានកម្រិតសុវត្ថិភាពធ្ងន់ធ្ងរបំផុតហើយទាមទារឱ្យមានការយកចិត្តទុកដាក់ និងមានវិធានការធ្វើការអាប់ដេតជាបន្ទាន់។

២.ផលិតផលដែលរងផលប៉ះពាល់

• FortiManager 7.4                      7.4.0                                        Upgrade to 7.4.1 or above
• FortiManager 7.2                      7.2.3                                        Upgrade to 7.2.4 or above
• FortiManager 7.0                      7.0.7    through 7.0.8               Upgrade to 7.0.9 or above
• FortiManager 6.4                     6.4.12                                      Upgrade to 6.4.13 or above
• FortiAnalyzer 4                         7.4.0 through 7.4.3                  Upgrade to 7.4.4 or above
• FortiAnalyzer 2                         7.2.0 through 7.2.5                  Upgrade to 7.2.6 or above
• FortiAnalyzer 0                         7.0.2 through 7.0.12                Upgrade to 7.0.13 or above
• FortiAnalyzer 2                         6.2.10 through 6.2.13              Migrate to a fixed release
• FortiManager 4                         7.4.0 through 7.4.3                  Upgrade to 7.4.4 or above
• FortiManager 2                         7.2.0 through 7.2.5                  Upgrade to 7.2.6 or above
• FortiManager 0                         7.0.2 through 7.0.12                Upgrade to 7.0.13 or above
• FortiOS 7.0                                7.0.0 through 7.0.16                Upgrade to 7.0.17 or above
• FortiProxy 7.2                           7.2.0 through 7.2.12                Upgrade to 7.2.13 or above
• FortiProxy 7.0                           7.0.0 through 7.0.19                Upgrade to 7.0.20 or above
• FortiClientWindows                version 7.2.0   through 7.2.1
• FortiClientWindows                version 7.0.0 through 7.0.9
• FortiClientWindows                6.4 all versions
• FortiClientLinux                      7.2.0 through 7.2.4
• FortiClientLinux                      7.0 all versions
• FortiClientLinux                      6.4 all versions
• FortiClientMac                         7.2.0 through 7.2.4
• FortiClientMac                         7.0 all versions+
• FortiClientMac                          6.4 all versions
• FortiClientEMS                         version 7.2.0 through 7.2.1
• FortiClientEMS                          version 7.0.0 through 7.0.9
• FortiManager Cloud 7.4             4.1 through 7.4.2      Upgrade to 7.4.3 or above
• FortiManager Cloud 7.2             2.1 through 7.2.5      Upgrade to 7.2.7 or above
• FortiManager Cloud 7.0             0.1 through 7.0.12    Upgrade to 7.0.13 or above

៣. ផលប៉ៈពាល់

ការវាយលុកដោយជោគជ័យ និងអនុញ្ញាតឱ្យអ្នកវាយប្រហារធ្វើការដំណើរការកូដពីចម្ងាយ ដើម្បីធ្វើការគ្រប់គ្រងទាំងស្រុង​ទៅ​លើប្រព័ន្ធ FortiOS, FortiClientWindows, FortiAnalyzer, FortiClientEMS, FortiProxy ។

៤. ដំណោះស្រាយ

អ្នកប្រើប្រាស់ និងអភិបាលគ្រប់គ្រង ត្រូវធ្វើការអាប់ដេតទៅកាន់កំណែចុងក្រោយ ជាបន្ទាន់តាមដែលអាចធ្វើទៅបាន។

៥. ឯកសារពាក់ព័ន្ធ

• – https://www.cisa.gov/news-events/alerts/2025/01/14/fortinet-releases-security-updates-multiple-Products
• – https://shorturl.at/Zf2xg
• – https://www.fortiguard.com/psirt/FG-IR-24-239
• – https://www.fortiguard.com/psirt/FG-IR-24-152
• – https://www.fortiguard.com/psirt/FG-IR-24-535
• – https://www.fortiguard.com/psirt/FG-IR-23-381
• – https://www.fortiguard.com/psirt/FG-IR-24-222
• – https://www.fortiguard.com/psirt/FG-IR-23-476
• – https://www.fortiguard.com/psirt/FG-IR-23-260
• – https://www.fortiguard.com/psirt/FG-IR-24-135
• – https://www.fortiguard.com/psirt/FG-IR-24-219
• – https://www.fortiguard.com/psirt/FG-IR-24-463
• – https://www.fortiguard.com/psirt/FG-IR-24-266
• – https://www.fortiguard.com/psirt/FG-IR-24-106
• – https://www.fortiguard.com/psirt/FG-IR-24-259
• – https://www.fortiguard.com/psirt/FG-IR-23-258
• – https://www.fortiguard.com/psirt/FG-IR-24-221