CVE-2022-26122: Fortiguard

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine by manipulating a MIME attachment with junk and pad characters in base64.


PSIRT Advisories

AV Engine - evasion by manipulating MIME attachment

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass the AV engine by manipulating a MIME attachment with junk and pad characters in base64.
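
The following is an added example, not part of the Fortinet advisory: a gateway-side check that flags base64 attachment bodies containing characters outside the base64 alphabet or padding that appears before the end of the body, the class of malformation the summary names. The advisory does not publish the exact byte patterns involved, so the two checks, the function name `audit_base64_parts` and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Characters outside the RFC 4648 base64 alphabet (folding whitespace is allowed).
_JUNK = re.compile(r"[^A-Za-z0-9+/=\s]")
# '=' padding that is followed by more base64 data instead of ending the body.
_EARLY_PAD = re.compile(r"=+\s*[A-Za-z0-9+/]")


def audit_base64_parts(raw_message: bytes):
    """Return [(filename, [findings])] for base64 parts that are not canonical."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if cte != "base64":
            continue
        body = part.get_payload(decode=False)  # still-encoded text as received
        findings = []
        if _JUNK.search(body):
            findings.append("junk-characters")
        if _EARLY_PAD.search(body):
            findings.append("padding-before-end")
        if findings:
            report.append((part.get_filename() or "<unnamed>", findings))
    return report


# Constructed sample: two harmless "hello world" attachments, one canonical, one not.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b'Content-Disposition: attachment; filename="clean.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVsbG8gd29ybGQ=\r\n"
    b"--b1\r\n"
    b'Content-Disposition: attachment; filename="odd.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"aGVs=bG8g!d29ybGQ=\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, findings in audit_base64_parts(SAMPLE):
        print(name, findings)
```

Parts flagged this way are candidates for quarantine or rejection at the mail gateway, since scanners and mail clients may decode non-canonical base64 differently.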

Affected Products

FortiOS running AV engine version 6.2.168 and below.
FortiOS running AV engine version 6.4.274 and below.
FortiMail running AV engine version 6.2.168 and below.
FortiMail running AV engine version 6.4.274 and below.
FortiClient running AV engine version 6.2.168 and below.
FortiClient running AV engine version 6.4.274 and below.

Solutions

Please upgrade AV engine to version 6.2.169 or above.
Please upgrade AV engine to version 6.4.275 or above.
Please upgrade to FortiMail version 7.2.0 or above.
Please upgrade to FortiMail version 7.0.3 or above.
Please upgrade to FortiMail version 6.4.7 or above.
Please upgrade to FortiOS version 7.0.8 or above.
Please upgrade to FortiOS version 7.2.2 or above.
