Fortinet provides critical security updates for 40 vulnerabilities in its products, including FortiWeb, FortiOS, FortiNAC and FortiProxy.

Fortinet has released security updates addressing 40 vulnerabilities across its product line, including FortiWeb, FortiOS, FortiNAC and FortiProxy. Two of the flaws are rated Critical, 15 High, 22 Medium and one Low. The most severe is a bug in the FortiNAC network access control solution (CVE-2022-39952, CVSS score 9.8) that could lead to arbitrary code execution on the appliance. "An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system," Fortinet said in an advisory published earlier this week.
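
To make the weakness class concrete, the following is an added, generic illustration of CWE-73 in Python. It is not FortiNAC's code and does not describe how the real flaw is reached (the advisory does not say). It contrasts an upload handler that joins a client-supplied file name onto a directory with one that rejects any name carrying a directory component and then verifies the resolved path still lies inside the intended directory. The handler names, directory layout and sample file names are assumptions made for the example.

```python
import os
import tempfile

# Added, generic illustration of CWE-73 (external control of file name or path).
# Not FortiNAC's code; the handler names, directory layout and sample inputs
# below are assumptions made for the example.


def save_upload_vulnerable(upload_dir: str, client_name: str, data: bytes) -> str:
    """Writes wherever the client-supplied name points.

    os.path.join() follows '../' and discards upload_dir entirely for an
    absolute name, so the caller's directory is not a boundary at all.
    """
    dest = os.path.join(upload_dir, client_name)  # CWE-73: path built from untrusted input
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as f:
        f.write(data)
    return dest


def save_upload_hardened(upload_dir: str, client_name: str, data: bytes) -> str:
    """Accepts a bare file name only, then re-checks the resolved path.

    Two layers: reject any name with a directory component, and confirm the
    canonical destination still lies under the canonical upload directory
    (this also catches a pre-existing symlink with that name inside upload_dir).
    """
    base = os.path.basename(client_name)
    if base in ("", ".", "..") or base != client_name:
        raise ValueError(f"rejected file name: {client_name!r}")
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, base))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError(f"path escapes upload directory: {client_name!r}")
    with open(dest, "wb") as f:
        f.write(data)
    return dest


def demo() -> dict:
    """Runs both handlers against a traversal name in a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = os.path.join(tmp, "uploads")
        os.makedirs(uploads)
        traversal = "../outside.txt"  # constructed attacker-controlled name

        written = save_upload_vulnerable(uploads, traversal, b"payload")
        escaped = os.path.realpath(written) == os.path.realpath(os.path.join(tmp, "outside.txt"))

        try:
            save_upload_hardened(uploads, traversal, b"payload")
            blocked = False
        except ValueError:
            blocked = True

        kept = save_upload_hardened(uploads, "report.txt", b"fine")
        inside = os.path.dirname(kept) == os.path.realpath(uploads)

        return {
            "vulnerable_escaped": escaped,
            "hardened_blocked": blocked,
            "hardened_kept_inside": inside,
        }


if __name__ == "__main__":
    print(demo())
```

Both checks in the hardened handler are kept on purpose: the base-name check rejects obvious traversal strings before touching the file system, and the realpath/commonpath check catches what a string comparison cannot, such as an existing symlink inside the upload directory that points elsewhere.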

The FortiNAC versions affected by CVE-2022-39952 are as follows:

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions, and
  • FortiNAC 8.3 all versions

Patches are available in FortiNAC versions 7.2.0, 9.1.8, 9.2.6 and 9.4.1. Administrators should apply them without delay, as Horizon3.ai has said it plans to release proof-of-concept (PoC) code for the flaw.

The second Critical issue is a stack-based buffer overflow in FortiWeb's proxy daemon (CVE-2021-42756, CVSS score 9.3) that could allow an unauthenticated remote attacker to achieve arbitrary code execution via specially crafted HTTP requests. Fixes are included in FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 and 7.0.0. The affected versions are:

  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.0.7 and below, and
  • FortiWeb versions 5.x all versions

Fortinet's product security team discovered and reported both flaws internally. Notably, CVE-2021-42756 carries a 2021 identifier but was not publicly disclosed until now.
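
As an added example (not Fortinet's tooling), the triage helper below encodes the affected-version ranges listed above for both CVEs and flags inventory entries that fall inside them. The inventory and host names are constructed; the "first fixed" patch levels are simply the first build past each affected range as listed, and the rule that branches the summary does not mention count as unaffected is an assumption to confirm against Fortinet's PSIRT advisories before relying on it.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Added example: a triage helper over the affected-version ranges stated in the
# advisory summary. The "fixed_in" values are the first build past each listed
# affected range; branches the summary does not mention are treated as
# unaffected (an assumption; confirm against Fortinet PSIRT). The inventory
# below is constructed sample data, not real hosts.

ADVISORY: Dict[str, dict] = {
    "FortiNAC": {
        "cve": "CVE-2022-39952",
        # branch -> first patch level NOT inside the affected range
        "fixed_in": {(9, 4): 1, (9, 2): 6, (9, 1): 8},
        # branches listed as "all versions" affected, no fix on that branch
        "branches_no_fix": {(8, 8), (8, 7), (8, 6), (8, 5), (8, 3)},
        "majors_no_fix": set(),
    },
    "FortiWeb": {
        "cve": "CVE-2021-42756",
        "fixed_in": {(6, 3): 17, (6, 2): 7, (6, 1): 3, (6, 0): 8},
        "branches_no_fix": set(),
        "majors_no_fix": {5},  # "FortiWeb 5.x all versions"
    },
}

VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parses 'major.minor[.patch]'; a leading 'v' and trailing build info are ignored."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(product: str, version: str) -> bool:
    """True when the build falls inside an affected range for that product."""
    entry = ADVISORY[product]
    major, minor, patch = parse_version(version)
    if major in entry["majors_no_fix"] or (major, minor) in entry["branches_no_fix"]:
        return True
    first_fixed = entry["fixed_in"].get((major, minor))
    if first_fixed is not None:
        return patch < first_fixed
    return False  # branch not listed in the summary (e.g. FortiNAC 7.2.0)


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Returns (host, product, version, cve) for every build that needs the update."""
    return [
        (host, product, version, ADVISORY[product]["cve"])
        for host, product, version in inventory
        if is_affected(product, version)
    ]


# Constructed inventory, not real hosts.
SAMPLE_INVENTORY = [
    ("nac-01", "FortiNAC", "9.2.5"),
    ("nac-02", "FortiNAC", "9.2.6"),
    ("nac-03", "FortiNAC", "8.7.3"),
    ("nac-04", "FortiNAC", "7.2.0"),
    ("waf-01", "FortiWeb", "6.3.16 build 1234"),
    ("waf-02", "FortiWeb", "6.3.17"),
    ("waf-03", "FortiWeb", "5.9.1"),
    ("waf-04", "FortiWeb", "7.0.0"),
]

if __name__ == "__main__":
    for host, product, version, cve in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} needs the {cve} update")
```

Feed it the product and firmware version strings from your asset inventory or from the appliances' own system status output; anything it returns is inside a range the advisory lists as affected and should be scheduled for the update.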
