Fortinet Patches 40 Vulnerabilities Affecting a Variety of Products, 2 Critical RCE Vulnerabilities
February 19, 2023
Fortinet patched 40 vulnerabilities in various products, 2 of which had a Critical-Severity level.
Successful exploitation of the critical vulnerabilities allows an unauthenticated remote attacker to perform an arbitrary file write or achieve remote code execution (RCE) on the affected system.
The Critical Vulnerabilities
- CVE-2022-39952 (CVSS 3.1: 9.8, Critical) – An external control of file name or path vulnerability in the FortiNAC webserver may allow an unauthenticated attacker to perform an arbitrary write on the system.
- CVE-2021-42756 (CVSS 3.1: 9.3, Critical) – Multiple stack-based buffer overflow vulnerabilities in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specially crafted HTTP requests.
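The FortiNAC issue above belongs to the class "external control of file name or path" (CWE-73): a file name taken from an untrusted request decides where a write lands. The following Python example is added here to illustrate that class from the defender's side; it is constructed for this page and is not Fortinet code, and it says nothing about how FortiNAC itself handles paths. The base directory, function names and request values are all assumptions. It shows the unchecked join that makes the write escape its intended directory beside a confinement check that normalises the path and then verifies it stays inside the base directory by path components rather than by string prefix.

```python
from pathlib import Path

# Constructed example (not Fortinet code): a file-write helper whose destination
# name comes from an untrusted request, the pattern CWE-73 describes.
BASE_DIR = Path("/var/app/uploads")  # hypothetical directory writes must stay in


def unsafe_target(user_supplied_name: str, base: Path = BASE_DIR) -> Path:
    """Vulnerable pattern: the request string is joined to the base directory
    unchecked. '..' segments or an absolute name place the write elsewhere."""
    return base / user_supplied_name


def safe_target(user_supplied_name: str, base: Path = BASE_DIR) -> Path:
    """Hardened pattern: normalise both paths, then require the candidate to
    be strictly inside the base directory. Raises ValueError otherwise."""
    root = base.resolve(strict=False)  # collapse '..' and follow symlinks
    candidate = (root / user_supplied_name).resolve(strict=False)
    # relative_to() compares path components, not string prefixes, so a
    # sibling such as /var/app/uploads_evil is rejected as well.
    try:
        relative = candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"refusing write outside {root}: {user_supplied_name!r}") from None
    if not relative.parts:
        raise ValueError("file name resolves to the base directory itself")
    return candidate


def is_confined(user_supplied_name: str, base: Path = BASE_DIR) -> bool:
    """Boolean form of the same check, convenient for logging or tests."""
    try:
        safe_target(user_supplied_name, base)
        return True
    except ValueError:
        return False


def write_upload(user_supplied_name: str, data: bytes, base: Path = BASE_DIR) -> Path:
    """Write only after the destination has passed the confinement check."""
    target = safe_target(user_supplied_name, base)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


if __name__ == "__main__":
    import tempfile

    # Constructed request values: one benign, three that try to leave the directory.
    for name in ("report.txt", "../../../etc/passwd", "/etc/passwd", "logs/../../x"):
        print(f"{name!r:24} naive -> {unsafe_target(name)}  confined={is_confined(name)}")
    with tempfile.TemporaryDirectory() as tmp:
        written = write_upload("reports/today.log", b"ok\n", Path(tmp))
        print("wrote", written)
```

The check is done after `resolve()` on purpose: normalising first means `..` segments, a leading slash and symlinks are all settled before the comparison, and `relative_to()` makes the comparison on path components so a directory that merely shares the base directory's name as a prefix does not pass.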
Affected Products
- FortiWeb (Critical)
- FortiNAC (Critical)
- FortiOS (High-Severity)
- FortiProxy (High-Severity)
- FortiAnalyzer (Medium-Severity)
- FortiADC (High-Severity)
- FortiSandbox (Medium-Severity)
- FortiPortal (Medium-Severity)
- FortiWAN (High-Severity)
- FortiAuthenticator (Medium-Severity)
- FortiSwitch (Medium-Severity)
- FortiExtender (High-Severity)
- FortiSwitchManager (High-Severity)
The specific vulnerable versions are listed in the Fortinet advisory.
Mitigation
CYREBRO strongly recommends that all Fortinet customers update to the patched versions of the affected products.
References: FortiGuard PSIRT Advisories