Fortinet Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege and security restriction bypass on the targeted system.
Note:
CVE-2022-40684 is being exploited in the wild.
An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Impact
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
For CVE-2022-40684 (exploited in the wild)
- FortiOS version 7.0.0 through 7.0.6
- FortiOS version 7.2.0 through 7.2.1
- FortiProxy version 7.0.0 through 7.0.6
- FortiProxy version 7.2.0
- FortiSwitchManager version 7.0.0
- FortiSwitchManager version 7.2.0
For other CVEs
- FortiOS version 6.0.0 through 6.0.14
- FortiOS version 6.2.0 through 6.2.10
- FortiOS version 6.4.0 through 6.4.3
- FortiOS version 6.4.0 through 6.4.8
- FortiOS version 6.4.4 through 6.4.9
- FortiOS version 7.0.0 through 7.0.3
- FortiOS version 7.0.0 through 7.0.5
- FortiOS version 7.2.0
- FortiProxy version 1.2.6 through 1.2.13
- FortiProxy version 2.0.0 through 2.0.9
- FortiProxy version 7.0.0 through 7.0.4
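To check an inventory against the ranges above, the following is an added example, not vendor or advisory code. The hostnames and inventory format are constructed, and overlapping ranges in the "other CVEs" list are merged.

```python
import re

# Inclusive ranges copied from the advisory's list for CVE-2022-40684.
EXPLOITED = {
    "fortios": [("7.0.0", "7.0.6"), ("7.2.0", "7.2.1")],
    "fortiproxy": [("7.0.0", "7.0.6"), ("7.2.0", "7.2.0")],
    "fortiswitchmanager": [("7.0.0", "7.0.0"), ("7.2.0", "7.2.0")],
}
# Ranges listed for the other CVEs, with overlapping entries merged.
OTHER = {
    "fortios": [("6.0.0", "6.0.14"), ("6.2.0", "6.2.10"), ("6.4.0", "6.4.9"),
                ("7.0.0", "7.0.5"), ("7.2.0", "7.2.0")],
    "fortiproxy": [("1.2.6", "1.2.13"), ("2.0.0", "2.0.9"), ("7.0.0", "7.0.4")],
}

def parse_version(text):
    """Return (major, minor, patch) as ints so 6.0.14 sorts after 6.0.9."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def in_ranges(version, ranges):
    return any(parse_version(lo) <= version <= parse_version(hi) for lo, hi in ranges)

def classify(product, version_text):
    """Return the most urgent matching bucket for one device."""
    key, version = product.strip().lower(), parse_version(version_text)
    if in_ranges(version, EXPLOITED.get(key, [])):
        return "CVE-2022-40684"          # exploited in the wild: patch first
    if in_ranges(version, OTHER.get(key, [])):
        return "other-CVEs"
    return "not-listed"                  # outside this advisory's lists only

# Constructed inventory: hostname, product, version string as reported.
INVENTORY = """\
fw-edge-01,FortiOS,v7.0.6
fw-branch-02,FortiOS,v6.0.14
proxy-01,FortiProxy,7.2.1
fsm-01,FortiSwitchManager,7.0.0
fw-lab-03,FortiOS,v7.2.2
"""

def triage(inventory_text):
    rows = (line.split(",", 2) for line in inventory_text.strip().splitlines())
    return {host: classify(product, version) for host, product, version in rows}

if __name__ == "__main__":
    print("\n".join(f"{h}: {b}" for h, b in triage(INVENTORY).items()))
```

A "not-listed" result only means the version is outside the ranges in this advisory.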
Solutions
Before installation of the software, please visit the vendor website for more details.
For CVE-2022-40684 (exploited in the wild)
Apply fixes issued by the vendor:
For other CVEs
Apply fixes issued by the vendor:
Vulnerability Identifier
Source
Related Link