Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy



Feb 19, 2023 | Ravie Lakshmanan | Network Security / Firewall


Fortinet has released security updates to address 40 vulnerabilities across its product lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others.

Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.

Top of the list is a severe bug in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution.

“An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system,” Fortinet said in an advisory earlier this week.
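The advisory names the bug class (CWE-73, external control of file name or path) but not how it is reached. The following is an added illustration of that class in a generic web upload handler, with the vulnerable path resolver beside a hardened one; it is not FortiNAC code and makes no claim about how CVE-2022-39952 is actually triggered. The upload root `/srv/app/uploads` and the sample file names are constructed for the demo.

```python
"""Added illustration of CWE-73 (external control of file name or path) in a
web upload handler, with a hardened resolver beside the vulnerable one.
This is not FortiNAC code and says nothing about how CVE-2022-39952 is
actually reached; it only shows the bug class the advisory names."""
import os

# Constructed upload directory for the demo; it does not need to exist,
# because the resolvers only compute paths and never touch the disk.
UPLOAD_ROOT = "/srv/app/uploads"


def resolve_upload_path_vulnerable(root: str, filename: str) -> str:
    """Trusts the caller-supplied name. os.path.join drops `root` entirely
    when `filename` is absolute, and '..' segments walk out of it, so an
    unauthenticated caller chooses where the server writes."""
    return os.path.normpath(os.path.join(root, filename))


def resolve_upload_path_hardened(root: str, filename: str) -> str:
    """Allow-lists a plain base name, then confirms the resolved path is
    still under `root`. Raises ValueError for anything else."""
    # A legitimate upload name has no directory component at all; rejecting
    # everything that is not a bare name is simpler and safer than trying to
    # strip '..' or separators out of an attacker-controlled string.
    if not filename or filename != os.path.basename(filename) or filename.startswith("."):
        raise ValueError(f"rejected file name: {filename!r}")
    real_root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(real_root, filename))
    # Defence in depth: even after the name check, make sure the canonical
    # path did not leave the root (a symlink planted under it could do that).
    if os.path.commonpath([real_root, target]) != real_root:
        raise ValueError(f"path escapes upload root: {target!r}")
    return target


def is_accepted(root: str, filename: str) -> bool:
    """True if the hardened resolver would accept `filename`."""
    try:
        resolve_upload_path_hardened(root, filename)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names: one benign, three that must be rejected.
    for name in ("report.txt", "../../../etc/passwd", "/etc/passwd", "sub/dir.txt"):
        verdict = "accepted" if is_accepted(UPLOAD_ROOT, name) else "rejected"
        print(f"{name!r:24} vulnerable -> {resolve_upload_path_vulnerable(UPLOAD_ROOT, name):24} "
              f"hardened -> {verdict}")
```

The vulnerable resolver turns `../../../etc/passwd` and `/etc/passwd` into a write to `/etc/passwd`; the hardened one rejects both at the base-name check and keeps the `commonpath` test as a second line of defence against symlinks under the root.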

The products impacted by the vulnerability are as follows –

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions, and
  • FortiNAC 8.3 all versions

Patches have been released in FortiNAC versions 7.2.0, 9.1.8, 9.2.6, and 9.4.1. Penetration testing firm Horizon3.ai said it plans to release proof-of-concept (PoC) code for the flaw "soon," making it imperative that users move quickly to apply the updates.

The second flaw of note is a set of stack-based buffer overflows in FortiWeb's proxy daemon (CVE-2021-42756, CVSS score: 9.3) that could enable an unauthenticated remote attacker to achieve arbitrary code execution via specially crafted HTTP requests.

CVE-2021-42756 affects the following versions of FortiWeb, with fixes available in FortiWeb versions 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0 –

  • FortiWeb 6.4 all versions
  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.0.7 and below, and
  • FortiWeb 5.x all versions
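The two affected-version lists above (FortiNAC for CVE-2022-39952, FortiWeb for CVE-2021-42756) are easy to misread when an inventory mixes branches such as 9.2.x and 9.4.x. The following added example, which is not a Fortinet tool, checks installed version strings against the ranges and fixed releases exactly as they appear on this page; the inventory lines at the bottom are constructed. It treats "X.Y all versions" as a branch-prefix match and "N and below" as an upper bound within that branch.

```python
"""Added example: checks an installed FortiNAC or FortiWeb version against
the affected ranges and fixed releases listed on this page for
CVE-2022-39952 and CVE-2021-42756. This is not a Fortinet tool; the data
below is transcribed from the advisory text above."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'9.2.5' -> (9, 2, 5); short forms are padded so '8.8' == (8, 8, 0)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * max(0, 3 - len(parts))


# Each entry is (branch, last_affected). `branch` is the version prefix the
# entry covers; `last_affected` is the highest affected release in that
# branch, or None where the page says "all versions" of the branch.
AFFECTED: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "FortiNAC": [
        ("9.4", "9.4.0"),
        ("9.2", "9.2.5"),
        ("9.1", "9.1.7"),
        ("8.8", None), ("8.7", None), ("8.6", None), ("8.5", None), ("8.3", None),
    ],
    "FortiWeb": [
        ("6.4", None),
        ("6.3", "6.3.16"),
        ("6.2", "6.2.6"),
        ("6.1", "6.1.2"),
        ("6.0", "6.0.7"),
        ("5", None),
    ],
}

# Fixed releases named on the page.
FIXED: Dict[str, List[str]] = {
    "FortiNAC": ["7.2.0", "9.1.8", "9.2.6", "9.4.1"],
    "FortiWeb": ["6.0.8", "6.1.3", "6.2.7", "6.3.17", "7.0.0"],
}


def in_branch(version: Version, branch: str) -> bool:
    """True if `version` starts with the components of `branch`."""
    prefix = tuple(int(p) for p in branch.split("."))
    return version[: len(prefix)] == prefix


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` falls inside an affected range."""
    v = parse_version(version)
    for branch, last_affected in AFFECTED[product]:
        if not in_branch(v, branch):
            continue
        if last_affected is None or v <= parse_version(last_affected):
            return True
    return False


def recommended_fix(product: str, version: str) -> Optional[str]:
    """Fixed release to move to: the one in the same major.minor branch if
    the page lists one, otherwise the lowest fixed release newer than the
    installed version (branches such as FortiNAC 8.x and FortiWeb 6.4 have
    no in-branch fix on the page). None if nothing newer is listed."""
    v = parse_version(version)
    fixed = sorted(FIXED[product], key=parse_version)
    for candidate in fixed:
        if parse_version(candidate)[:2] == v[:2]:
            return candidate
    for candidate in fixed:
        if parse_version(candidate) > v:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed inventory lines, as an asset database export might give them.
    inventory = [("FortiNAC", "9.2.5"), ("FortiNAC", "8.8.11"), ("FortiNAC", "9.4.1"),
                 ("FortiWeb", "6.3.10"), ("FortiWeb", "6.4.2"), ("FortiWeb", "7.0.0")]
    for product, version in inventory:
        status = "AFFECTED" if is_affected(product, version) else "not affected"
        print(f"{product} {version:8} {status:13} fix: {recommended_fix(product, version)}")
```

The ranges encode only what this page states; before acting on the output, confirm them against the current Fortinet PSIRT advisories, which remain the authority and may have been amended since publication.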

Both flaws were internally discovered and reported by its product security team, Fortinet said. Interestingly, CVE-2021-42756 also appears to have been identified in 2021 but was not publicly disclosed until now.

