- 227/2024
- Medium
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, bypass the file integrity checking system, allow a read-write user to modify admin passwords via the device configuration backup, and perform OS command injection attacks to execute shell code as root via CLI commands.
Sample of the addressed vulnerabilities:
1. FortiSOAR Cross Site Scripting Vulnerability (CVE-2023-26211):
- CVSS: 6.4
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross Site Scripting
2. FortiDDoS OS Command Injecting Vulnerability (CVE-2022-27486):
- CVSS: 6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Command Injection
Sample of the affected products:
- FortiSOAR.
- FortiDDOS
- FortiOS.
- FortiAnalyzer.
- FortiManager.
- FortiPAM.
Vulnerabilities
- CVE-2023-26211
- CVE-2022-27486
- CVE-2024-36505
- CVE-2024-21757
- CVE-2022-45862
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.