Latest Cyber Security News

You are here: Home / General Cyber Security News / Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy
February 19, 2023

Fortinet has released security updates to deal with 40 vulnerabilities in its software lineup, like FortiWeb, FortiOS, FortiNAS, and FortiProxy, amongst other folks.

Two of the 40 flaws are rated Critical, 15 are rated Superior, 22 are rated Medium, and a single is rated Low in severity.

Top of the checklist is a severe bug residing in the FortiNAC network access handle solution (CVE-2022-39952, CVSS score: 9.8) that could direct to arbitrary code execution.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“An exterior command of file identify or path vulnerability [CWE-73] in FortiNAC web server might make it possible for an unauthenticated attacker to accomplish arbitrary generate on the process,” Fortinet claimed in an advisory before this week.

The goods impacted by the vulnerability are as follows –

  • FortiNAC model 9.4.
  • FortiNAC model 9.2. by means of 9.2.5
  • FortiNAC variation 9.1. by way of 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all variations
  • FortiNAC 8.5 all variations, and
  • FortiNAC 8.3 all versions

Patches have been unveiled in FortiNAC versions 7.2., 9.1.8, 9.1.8, and 9.1.8. Penetration tests firm Horizon3.ai claimed it plans to launch a evidence-of-concept (PoC) code for the flaw “shortly,” building it vital that users transfer promptly to utilize the updates.

The 2nd flaw of note is a established of stack-centered buffer overflow in FortiWeb’s proxy daemon (CVE-2021-42756, CVSS rating: 9.3) that could help an unauthenticated remote attacker to reach arbitrary code execution by using specifically crafted HTTP requests.

CVE-2021-42756 affects the down below variations of FortiWeb, with fixes offered in versions FortiWeb 6..8, 6.1.3, 6.2.7, 6.3.17, and 7.. –

  • FortiWeb versions 6.4 all versions
  • FortiWeb versions 6.3.16 and beneath
  • FortiWeb variations 6.2.6 and down below
  • FortiWeb variations 6.1.2 and down below
  • FortiWeb variations 6..7 and under, and
  • FortiWeb variations 5.x all variations

Both the flaws ended up internally learned and noted by its product security staff, Fortinet claimed. Curiously, CVE-2021-42756 also seems to have been discovered in 2021 but not publicly disclosed until now.

Discovered this report attention-grabbing? Stick to us on Twitter  and LinkedIn to study far more exceptional information we post.


Some parts of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *