Fortinet Products Multiple Vulnerabilities
Release Date:
20 Feb 2023
5313
Views
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, denial of service, information disclosure, cross-site scripting and elevation of privilege on the targeted system.
Impact
- Security Restriction Bypass
- Denial of Service
- Information Disclosure
- Cross-Site Scripting
- Elevation of Privilege
System / Technologies affected
- FortiAuthenticator 5.5 all versions
- FortiAuthenticator version 6.0.0 through 6.0.4
- FortiAuthenticator version 6.1.0
- FortiOS 6.0 all versions
- FortiOS 6.2 all versions
- FortiOS 6.4 all versions
- FortiOS version 6.0.0 through 6.0.13
- FortiOS version 6.2.0 through 6.2.12
- FortiOS version 6.2.0 through 6.2.9
- FortiOS version 6.4.0 through 6.4.1
- FortiOS version 6.4.0 through 6.4.10
- FortiOS version 7.0.0 through 7.0.7
- FortiOS version 7.0.0 through 7.0.8
- FortiOS version 7.2.0
- FortiOS version 7.2.0 through 7.2.2
- FortiOS version 7.2.0 through 7.2.3
- FortiOS versions 6.4.8 and below
- FortiOS versions 7.0.3 and below
- FortiProxy 1.0 all versions
- FortiProxy 1.1 all versions
- FortiProxy 1.2 all versions
- FortiProxy 2.0 all versions
- FortiProxy version 2.0.0 through 2.0.10
- FortiProxy version 7.0.0 through 7.0.6
- FortiProxy version 7.0.0 through 7.0.7
- FortiProxy version 7.2.0 through 7.2.1
- FortiProxy versions 2.0.7 and below
- FortiProxy versions 7.0.1 and below
- FortiSwitch 6.0 all versions
- FortiSwitch 6.2 all versions
- FortiSwitch versions 6.4.10 and below
- FortiSwitch versions 7.0.3 and below
- FortiSwitchManager version 7.0.0
- FortiSwitchManager version 7.2.0
- FortiWeb 6.0 all versions
- FortiWeb 6.1 all versions
- FortiWeb 6.2 all versions
- FortiWeb 6.4 all versions
- FortiWeb versions 6.3.16 and below
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://www.fortiguard.com/psirt/FG-IR-22-346
- https://www.fortiguard.com/psirt/FG-IR-22-257
- https://www.fortiguard.com/psirt/FG-IR-22-362
- https://www.fortiguard.com/psirt/FG-IR-22-126
- https://www.fortiguard.com/psirt/FG-IR-22-224
- https://www.fortiguard.com/psirt/FG-IR-22-080
- https://www.fortiguard.com/psirt/FG-IR-22-014
- https://www.fortiguard.com/psirt/FG-IR-22-391
Vulnerability Identifier
- CVE-2021-43074
- CVE-2022-22302
- CVE-2022-29054
- CVE-2022-38378
- CVE-2022-39948
- CVE-2022-41334
- CVE-2022-41335
- CVE-2022-42472
Source
Related Link
- https://www.fortiguard.com/psirt/FG-IR-22-346
- https://www.fortiguard.com/psirt/FG-IR-22-257
- https://www.fortiguard.com/psirt/FG-IR-22-362
- https://www.fortiguard.com/psirt/FG-IR-22-126
- https://www.fortiguard.com/psirt/FG-IR-22-224
- https://www.fortiguard.com/psirt/FG-IR-22-080
- https://www.fortiguard.com/psirt/FG-IR-22-014
- https://www.fortiguard.com/psirt/FG-IR-22-391
Related Tags
Share with