Fortinet provides critical security updates for 40 vulnerabilities in its products, including FortiWeb, FortiOS, FortiNAC and FortiProxy.
Published Mon, February 20, 2023 08:11 AM EST
Fortinet provides critical security updates for 40 vulnerabilities in its products, including FortiWeb, FortiOS, FortiNAC and FortiProxy.
Fortinet has just released critical security updates to address 40 vulnerabilities in their software collection, such as FortiWeb, FortiOS, FortiNAC and more. Two of the flaws have been rated Critical while 15 are High severity-level issues. Additionally, there are 22 Medium-rated bugs and one Low severity bug detected among them all. The highest risk is a severe vulnerability existing within the FortiNAC network access control solution (CVE-2022-39952; CVSS score: 9.8) which could potentially enable arbitrary code execution if exploited correctly by an attacker! "An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system," Fortinet said in an advisory earlier this week.
The products impacted by the vulnerability are as follows -
- FortiNAC version 9.4.0
- FortiNAC version 9.2.0 through 9.2.5
- FortiNAC version 9.1.0 through 9.1.7
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions, and
- FortiNAC 8.3 all versions
Firmly emphasize the urgency to update FortiNAC versions 7.2.0, 9.1.8, and 9.1.8 with the released patches - Horizon3.Ai has provided notice that it will soon release a proof-of-concept (PoC) code for any existing vulnerability in its system! Act now before this serious security issue becomes your problem too; protect yourself by taking advantage of these updates right away! FortiWeb's proxy daemon is susceptible to a stack-based buffer overflow (CVE-2021-42756, CVSS score: 9.3) that could potentially allow an unauthenticated remote attacker to introduce arbitrary code execution via specially constructed HTTP requests. Fortunately, versions FortiWeb 6.0.8, 6.1.3, 6.2 7.,6 3 .17 and 7 0 .0 contain the necessary fixes for this vulnerability; all users are advised to update their installations promptly in order to prevent any malicious intrusions on their system security!
- FortiWeb versions 6.4 all versions
- FortiWeb versions 6.3.16 and below
- FortiWeb versions 6.2.6 and below
- FortiWeb versions 6.1.2 and below
- FortiWeb versions 6.0.7 and below, and
- FortiWeb versions 5.x all versions
Fortinet's product security team discovered and reported both of these flaws internally. Interestingly, CVE-2021-42756 appears to have been identified in 2021 but not openly revealed until now.
