Fortinet Products | Log4j Vulnerability

Fortinet Products affected by Log4j Vulnerability are FortiAIOps, FortiCASB, FortiConvertor, FortiEDR Cloud, FortiNAC, FortiPolicy, FortiPortal, FortiSIEM, FortiSOAR and ShieldX.Rest of the products like FortiAnalyzer Cloud, FortiAnalyzer, FortiAuthenticator, FortiDeceptor, FortiEDR Agent, FortiEDR Cloud, FortiGSLB Cloud, FortiMail,FortiManager Cloud, Forti Gate has been unaffected by this Vulnerability. Some of the Fortinet Products has been already patched and for others detailed mitigation steps have been given below. List of Impacted/Not Impacted products have been given below in the table

Fortinet Product	Status	Patched?
FortiAIOps	Vulnerable	Patched
FortiAnalyzer Cloud	Not Vulnerable	Not Needed
FortiAnalyzer	Not Vulnerable	Not Needed
FortiAP	Not Vulnerable	Not Needed
FortiAuthenticator	Not Vulnerable	Not Needed
FortiCASB	Vulnerable	Patched
FortiConvertor	Vulnerable	Patched
FortiDeceptor	Not Vulnerable	Not Needed
FortiEDR Agent	Not Vulnerable	Not Needed
FortiEDR Cloud	Vulnerable	Patched
FortiGate Cloud	Not Vulnerable	Not Needed
FortiGSLB Cloud	Not Vulnerable	Not Needed
FortiMail	Not Vulnerable	Not Needed
FortiManager Cloud	Not Vulnerable	Not Needed
FortiManager	Not Vulnerable	Not Needed
FortiNAC	Vulnerable	Patched
FortiNAC	Vulnerable	Patched
FortiGate	Not Vulnerable	Not Needed
FortiWiFi	Not Vulnerable	Not Needed
FortiOS	Not Vulnerable	Not Needed
FortiPhish Cloud	Not Vulnerable	Not Needed
FortiPolicy	Vulnerable	Patched
FortiPortal	Vulnerable	Patched
FortiRecorder	Not Vulnerable	Not Needed
FortiSIEM	Vulnerable	Patched
FortiSOAR	Vulnerable	Patched
FortiSwitch Cloud in FortiLANCloud	Not Vulnerable	Not Needed
FortiSwitch & FortiSwitchManager	Not Vulnerable	Not Needed
FortiToken Cloud	Not Vulnerable	Not Needed
FortiVoice	Not Vulnerable	Not Needed
FortiWeb Cloud	Not Vulnerable	Not Needed
ShieldX	Vulnerable	Patched

Source: https://www.fortiguard.com/psirt/FG-IR-21-245