- 170/2022
- High
Fortinet has released security updates to address several vulnerabilities in multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
The addressed vulnerabilities could allow the attackers to perform several attacks like executing unauthorized code or commands, improper access control, and information disclosure on the affected system. Products impacted include FortiADC, FortiProxy, FortiOS, and FortiMail.
Samples of the addressed vulnerabilities:
- Format string vulnerability (CVE-2022 22299):
- CVSS: 7.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
- FortiADC – Unverified password change over the GUI (CVE-2022-27484):
- CVSS: 5.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Bypass Security
Mitigations
The enterprise should Upgrade to the mentioned versions.