Security
Headlines
HeadlinesLatestCVEs

Headline

Fortinet patch batch remedies multiple path traversal vulnerabilities

Four high, six medium, and one low severity issue fixed

PortSwigger
#sql#xss#vulnerability#web#ios#mac#windows#rce#buffer_overflow#auth#mongo#ssl

Four high, six medium, and one low severity issue fixed

Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products.

The California-headquartered cybersecurity giant, which accounts for more than a third of all firewall and unified threat management shipments worldwide, released a huge number of firmware and software updates on Tuesday (July 5).

A quartet of high severity flaws includes multiple relative path traversal bugs in the management interface of FortiDeceptor, which spins up virtual machines that serve as honeypots for network intruders (CVE-2022-30302).

RECOMMENDED High severity OpenSSL bug could lead to remote code execution

Abuse of these “may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests”, according to the corresponding Fortinet advisory.

Similarly, attackers could achieve privilege escalation in Windows versions of endpoint protection and VPN product FortiClient via path traversal in the named pipe responsible for the FortiESNAC service (CVE-2021-41031).

The FortiNAC network access control solution, meanwhile, suffered from an “empty password in configuration file vulnerability” through which an authenticated attacker could access the MySQL databases via the command line interface (CLI) (CVE-2022-26117).

Additional bugs

The other high severity issue, which applies to security event analysis appliance FortiAnalyzer, the FortiManager network management device, the FortiOS operating system, and the FortiProxy web proxy, “may allow a privileged attacker to execute arbitrary code or command via crafted CLI ‘execute restore image’ and ‘execute certificate remote’ operations with the TFTP protocol” (CVE-2021-43072).

Medium severity issues in the patch batch include SQL injection vulnerabilities in the FortiADC application delivery controller (CVE-2022-26120) and an OS command injection vulnerability in CLI in FortiAnalyzer and FortiManager (CVE-2022-27483).

Catch up with the latest enterprise security news

Meanwhile, cross-site scripting (XSS) issues in the FortiEDR endpoint security solution (CVE-2022-29057); a privilege escalation bug in FortiManager and FortiAnalyzer (CVE-2022-26118); and stack-based buffer overflows in diagnostic CLI commands affecting FortiOS and FortiProxy (CVE-2021-44170).

The sixth and final medium severity issue is an integer overflow in dhcpd daemon impacting FortiOS, FortiProxy, FortiSwitch ethernet switches, the FortiRecoder video surveillance system, and the FortiVoiceEnterprise communications system, (CVE-2021-42755).

Last and least, in threat terms, is a low severity XSS vulnerability affecting FortiOS (CVE-2022-23438).

YOU MIGHT ALSO LIKE Spring Data MongoDB hit by another critical SpEL injection flaw

Related news

CVE-2021-43072: Fortiguard

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.

CVE-2022-29057: Fortiguard

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.

CVE-2022-30302: Fortiguard

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

CVE-2022-27483: Fortiguard

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.

CVE-2022-26117: Fortiguard

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below  may allow an authenticated attacker to access the MySQL databases via the CLI.

CVE-2021-41031: Fortiguard

A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service.

CVE-2022-23438: Fortiguard

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.

CVE-2022-26120: Fortiguard

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

CVE-2022-26118: Fortiguard

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.

CVE-2021-42755: Fortiguard

An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon, resulting in potential denial of service.

CVE-2021-44170: Fortiguard

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite

Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite

Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite

Cisco and Fortinet Release Security Patches for Multiple Products

Cisco on Wednesday rolled out patches for 10 security flaws spanning multiple products, one of which is rated Critical in severity and could be weaponized to conduct absolute path traversal attacks. The issues, tracked as CVE-2022-20812 and CVE-2022-20813, affect Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) and "could allow a remote attacker to overwrite

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig