February 19, 2023
Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level.
Successful exploitation of the critical vulnerabilities allows unauthenticated remote attacker to perform arbitrary write (RCE) on the affected system.
The Critical Vulnerabilities
- CVE-2022-39952 (CVSS 3.1: 9.8, Critical) – An external control of file name or path vulnerability in FortiNAC webserver, may allow an unauthenticated attacker to perform arbitrary write on the system.
- CVE-2021-42756 (CVSS 3.1: 9.3, Critical)) – Multiple stack-based buffer overflow vulnerabilities in FortiWeb’s proxy daemon, may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.
- FortiWeb (Critical)
- FortiNAC (Critical)
- FortiOS (High-Severity)
- FortiProxy (High-Severity)
- FortiAnalyzer (Medium-Severity)
- FortiADC (High-Severity)
- FortiSandbox (Medium-Severity)
- FortiPortal (Medium-Severity)
- FortiWAN (High-Severity)
- FortiAuthenticator (Medium-Severity)
- FortiSwitch (Medium-Severity)
- FortiExtender (High-Severity)
- FortiSwitchManager (High-Severity)
The specific vulnerable versions can be seen in Forti Advisory.
CYREBRO strongly recommends all Forti customers to update to the patched versions of the affected products.
References: FortiGuard PSIRT Advisories