- 201/2022
- High
Fortinet has released security updates to fix several vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system and cause a denial of service attacks.
Sample of the addressed vulnerabilities:
FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U – Command injection in CLI (CVE-2022-29058):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
FortiOS – TCP Middlebox Reflection (CVE-2022-27491):
- CVSS: 6.6
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of service
Affected Products :
- FortiSOAR
- FortiAnalyzer
- FortiOS
- FortiDDoS-F
- FortiADC
- FortiMail
- FortiAP
- FortiManager
- FortiAP-S
- FortiProxy
- FortiAP-U
- FortiWeb
- FortiAP-W2
Vulnerabilities
- CVE-2022-29058
- CVE-2022-27491
- CVE-2022-26114
- CVE-2022-38377
- CVE-2022-29053
- CVE-2022-35847
- CVE-2022-29061
- CVE-2022-29062
- CVE-2022-30298
- CVE-2022-29059
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.
Fortinet Security Advisor