Fortinet, a cybersecurity firm headquartered in Sunnyvale, California, develops and sells cybersecurity solutions such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint security components.
Recently, the company issued security fixes for multiple vulnerabilities affecting several of its products.
Path Traversal Vulnerability
The flaws, which are rated high in severity, include a path traversal vulnerability, tracked as CVE-2022-30302, in the FortiDeceptor management interface that allows a remote, authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.
The Fortinet advisory lists the following affected products:
- FortiDeceptor version 1.0.0 through 1.0.1
- FortiDeceptor version 1.1.0
- FortiDeceptor version 2.0.0
- FortiDeceptor version 2.1.0
- FortiDeceptor version 3.0.0 through 3.0.2
- FortiDeceptor version 3.1.0 through 3.1.1
- FortiDeceptor version 3.2.0 through 3.2.2
- FortiDeceptor version 3.3.0 through 3.3.2
- FortiDeceptor version 4.0.0 through 4.0.1
Patch Released:
- FortiDeceptor version 4.1.0 or above
- FortiDeceptor version 4.0.2 or above
- FortiDeceptor version 3.3.3 or above
Privilege Escalation via Directory Traversal Attack
A high-severity flaw, tracked as CVE-2021-41031, in FortiClient (Windows) allows a local, unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for the FortiESNAC service.
The affected products include:
- FortiClientWindows version 7.0.0 through 7.0.2
- FortiClientWindows version 6.4.0 through 6.4.6
- FortiClientWindows version 6.2.0 through 6.2.9
Patch Released:
- Upgrade to FortiClientWindows version 7.0.3 or above
- Upgrade to FortiClientWindows version 6.4.7 or above
Classic Buffer Overflow Vulnerability
A vulnerability tracked as CVE-2021-43072, rated high severity, was found in FortiAnalyzer, FortiManager, FortiOS, and FortiProxy. On successful exploitation, it allows an attacker to execute arbitrary code or commands via crafted CLI 'execute restore image' and 'execute certificate remote' operations using the TFTP protocol.
The affected products include:
- FortiManager version 5.6.0 through 5.6.11
- FortiManager version 6.0.0 through 6.0.11
- FortiManager version 6.2.0 through 6.2.9
- FortiManager version 6.4.0 through 6.4.7
- FortiManager version 7.0.0 through 7.0.2
- FortiAnalyzer version 5.6.0 through 5.6.11
- FortiAnalyzer version 6.0.0 through 6.0.11
- FortiAnalyzer version 6.2.0 through 6.2.9
- FortiAnalyzer version 6.4.0 through 6.4.7
- FortiAnalyzer version 7.0.0 through 7.0.2
- FortiOS version 6.0.0 through 6.0.14
- FortiOS version 6.2.0 through 6.2.10
- FortiOS version 6.4.0 through 6.4.8
- FortiOS version 7.0.0 through 7.0.5
- FortiProxy version 1.0.0 through 1.0.7
- FortiProxy version 1.1.0 through 1.1.6
- FortiProxy version 1.2.0 through 1.2.13
- FortiProxy version 2.0.0 through 2.0.8
- FortiProxy version 7.0.0 through 7.0.3
Patch Released:
- Upgrade to FortiManager version 7.0.3 or above
- Upgrade to FortiManager version 6.4.8 or above
- Upgrade to FortiAnalyzer version 7.0.3 or above
- Upgrade to FortiAnalyzer version 6.4.8 or above
- Upgrade to FortiProxy version 7.0.4 or above
- Upgrade to FortiProxy version 2.0.9 or above
- Upgrade to FortiOS version 7.2.0 or above
- Upgrade to FortiOS version 7.0.6 or above
- Upgrade to FortiOS version 6.4.9 or above
- Upgrade to FortiOS version 6.2.11 or above
Unprotected MySQL root account
A vulnerability involving an empty password in a configuration file, tracked as CVE-2022-26117 and rated high severity, could allow an attacker to access the MySQL databases via the command line interface.
The affected products include:
- FortiNAC version 8.3.7
- FortiNAC version 8.5.0 through 8.5.2
- FortiNAC version 8.5.4
- FortiNAC version 8.6.0
- FortiNAC version 8.6.2 through 8.6.5
- FortiNAC version 8.7.0 through 8.7.6
- FortiNAC version 8.8.0 through 8.8.11
- FortiNAC version 9.1.0 through 9.1.5
- FortiNAC version 9.2.0 through 9.2.3
Patch Released:
- Upgrade to FortiNAC version 9.2.4 or above
- Upgrade to FortiNAC version 9.1.6 or above
In total, Fortinet addressed four high-severity vulnerabilities affecting FortiAnalyzer, FortiClient, FortiDeceptor, and FortiNAC.
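As an added triage helper (not Fortinet's code), the affected ranges and fixed builds listed above for all four advisories, encoded so an inventory of deployed builds can be checked against them; product names and version strings are assumed to be exactly as written in the advisory summary above:

```python
from typing import Optional

def parse(v: str) -> tuple[int, ...]:
    """'6.4.8' -> (6, 4, 8), so builds compare numerically rather than as strings."""
    return tuple(int(p) for p in v.split("."))

def ranges(spec: str) -> list[tuple[tuple, tuple]]:
    """'1.0.0-1.0.1 1.1.0' -> inclusive (lo, hi) tuples; a bare build is a range of one."""
    out = []
    for item in spec.split():
        lo, _, hi = item.partition("-")
        out.append((parse(lo), parse(hi or lo)))
    return out

# Affected ranges and fixed builds, copied from the advisory summary above.
ADVISORY = {
    "CVE-2022-30302": {"FortiDeceptor": (
        "1.0.0-1.0.1 1.1.0 2.0.0 2.1.0 3.0.0-3.0.2 3.1.0-3.1.1 3.2.0-3.2.2 3.3.0-3.3.2 4.0.0-4.0.1",
        "3.3.3 4.0.2 4.1.0")},
    "CVE-2021-41031": {"FortiClientWindows": (
        "7.0.0-7.0.2 6.4.0-6.4.6 6.2.0-6.2.9", "6.4.7 7.0.3")},
    "CVE-2021-43072": {
        "FortiManager": ("5.6.0-5.6.11 6.0.0-6.0.11 6.2.0-6.2.9 6.4.0-6.4.7 7.0.0-7.0.2", "6.4.8 7.0.3"),
        "FortiAnalyzer": ("5.6.0-5.6.11 6.0.0-6.0.11 6.2.0-6.2.9 6.4.0-6.4.7 7.0.0-7.0.2", "6.4.8 7.0.3"),
        "FortiOS": ("6.0.0-6.0.14 6.2.0-6.2.10 6.4.0-6.4.8 7.0.0-7.0.5", "6.2.11 6.4.9 7.0.6 7.2.0"),
        "FortiProxy": ("1.0.0-1.0.7 1.1.0-1.1.6 1.2.0-1.2.13 2.0.0-2.0.8 7.0.0-7.0.3", "2.0.9 7.0.4"),
    },
    "CVE-2022-26117": {"FortiNAC": (
        "8.3.7 8.5.0-8.5.2 8.5.4 8.6.0 8.6.2-8.6.5 8.7.0-8.7.6 8.8.0-8.8.11 9.1.0-9.1.5 9.2.0-9.2.3",
        "9.1.6 9.2.4")},
}

def is_affected(product: str, version: str) -> list[tuple[str, Optional[str]]]:
    """Return [(cve, fix)] for each advisory entry the build falls in; fix is the
    lowest listed fixed build above it (a gap between ranges, e.g. FortiNAC 8.5.3, is a miss)."""
    v = parse(version)
    hits = []
    for cve, products in ADVISORY.items():
        if product not in products:
            continue
        spec, fixes = products[product]
        if any(lo <= v <= hi for lo, hi in ranges(spec)):
            fixed = sorted(parse(f) for f in fixes.split())
            fix = next((f for f in fixed if f > v), None)
            hits.append((cve, ".".join(map(str, fix)) if fix else None))
    return hits
```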