- 48/2023
- Critical
Fortinet has released security updates to address multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, or escalating the privileges on the affected products.
Sample of the addressed vulnerabilities:
1. FortiNAC – External Control of File Name or Path in KeyUpload Scriptlet (CVE-2022-39952):
• CVSS: 9.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
2. FortiWeb – Stack-based Buffer Overflows in Proxyd (CVE-2021-42756):
• CVSS: 9.3
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Gain Access
Affected products:
• FortiWeb.
• FortiOS.
• FortiNAC.
• FortiProxy.
• FortiAnalyzer.
• FortiSandbox.
• FortiPortal.
• FortiWAN.
• FortiAuthenticator.
• FortiADC.
• FortiSwitch.
• FortiExtender.
• FortiSwitchManager.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.