- 252/2022
- Critical
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the system or perform unintentional contact with remote servers by sending a specially-crafted input/configuration.
The addressed vulnerabilities:
1. Apache Commons Configuration code execution (CVE-2022-33980):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Apache Commons Text code execution (CVE-2022-42889):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2022-33980
- CVE-2022-42889
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.