Fortinet Products Multiple Vulnerabilities

Impact

• Security Restriction Bypass
• Remote Code Execution

System / Technologies affected

• FortiADC version 7.1.0
• FortiADC version 7.0.0 through 7.0.2
• FortiADC version 6.2.0 through 6.2.4
• FortiADC version 6.1 all versions
• FortiADC version 6.0 all versions
• FortiADC version 5.4 all versions
• FortiADC version 5.3 all versions
• FortiADC version 5.2 all versions
• FortiSandbox version 3.1.0 through 3.1.5
• FortiSandbox version 3.2.0 through 3.2.3
• FortiSandbox version 4.0.0 through 4.0.2
• FortiDeceptor version 4.2.0
• FortiDeceptor version 4.1.0 through 4.1.1
• FortiDeceptor version 4.0.0 through 4.0.2
• FortiDeceptor version 3.3.0 through 3.3.3
• FortiDeceptor version 3.2.0 through 3.2.2
• FortiDeceptor version 3.1.0 through 3.1.1
• FortiDeceptor version 3.0.0 through 3.0.2
• FortiOS version 7.2.0 through 7.2.1
• FortiOS version 7.0.0 through 7.0.7
• FortiOS version 6.4.0 through 6.4.9
• FortiOS version 6.2 all versions
• FortiOS version 6.0 all versions
• FortiProxy version 7.0.0 through 7.0.6
• FortiProxy version 2.0.0 through 2.0.10
• FortiProxy version 1.2.0

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://fortiguard.fortinet.com/psirt/FG-IR-21-170
• https://fortiguard.fortinet.com/psirt/FG-IR-22-252
• https://fortiguard.fortinet.com/psirt/FG-IR-22-255

Vulnerability Identifier

• CVE-2022-30305
• CVE-2022-33875
• CVE-2022-35843

Source

• AusCERT
• Fortinet

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.6362
• https://www.auscert.org.au/bulletins/ESB-2022.6358
• https://www.auscert.org.au/bulletins/ESB-2022.6359
• https://fortiguard.fortinet.com/psirt/FG-IR-21-170
• https://fortiguard.fortinet.com/psirt/FG-IR-22-252
• https://fortiguard.fortinet.com/psirt/FG-IR-22-255