Security
Headlines
HeadlinesLatestCVEs

Headline

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others. Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity. Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8)

The Hacker News
#vulnerability#web#ios#buffer_overflow#auth#The Hacker News

Network Security / Firewall

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others.

Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.

Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution.

“An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system,” Fortinet said in an advisory earlier this week.

The products impacted by the vulnerability are as follows -

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions, and
  • FortiNAC 8.3 all versions

Patches have been released in FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8. Penetration testing firm Horizon3.ai said it plans to release a proof-of-concept (PoC) code for the flaw “soon,” making it imperative that users move quickly to apply the updates.

The second flaw of note is a set of stack-based buffer overflow in FortiWeb’s proxy daemon (CVE-2021-42756, CVSS score: 9.3) that could enable an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CVE-2021-42756 affects the below versions of FortiWeb, with fixes available in versions FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0 -

  • FortiWeb versions 6.4 all versions
  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.0.7 and below, and
  • FortiWeb versions 5.x all versions

Both the flaws were internally discovered and reported by its product security team, Fortinet said. Interestingly, CVE-2021-42756 also appears to have been identified in 2021 but not publicly disclosed until now.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America. Active since 2021, the group has relied on

Botnets Send Exploits Within Days to Weeks After Published PoC

Six months of honeypot data finds that 19% of traffic to sensors were malicious exploit attempts, and 95% of those attempts came from just three botnets.

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization. "A deserialization of untrusted data

Fortinet FortiNAC keyUpload.jsp Arbitrary File Write

This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker controlled file to a directory of the attackers choice on the target system. This issue is exploitable on FortiNAC versions 9.4 prior to 9.4.1, FortiNAC versions 9.2 prior to 9.2.6, FortiNAC versions 9.1 prior to 9.1.8, all versions of FortiNAC 8.8, all versions of FortiNAC 8.7, all versions of FortiNAC 8.6, all versions of FortiNAC 8.5, and all versions of FortiNAC 8.3.

New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in

Exploit Code Released for Critical Fortinet RCE Bug

Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.

CVE-2021-42756: Fortiguard

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.