Fortinet Products Multiple Vulnerabilities

Last Update Date: 14 Mar 2023 Release Date: 9 Mar 2023 5542 Views

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

[Updated on 2023-03-14]

Updated risk level to high due to scattered exploit for CVE-2022-41328 vulnerability.

Note:

CVE-2022-41328 vulnerability is being used in scattered exploit that allowed threat actors to execute unauthorized code or commands.

Impact

Cross-Site Scripting
Denial of Service
Elevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure

System / Technologies affected

FortiAnalyzer 6.4 all versions
FortiAnalyzer version 6.0.0 through 6.0.4
FortiAnalyzer version 6.4.0 through 6.4.10
FortiAnalyzer version 7.0.0 through 7.0.5
FortiAnalyzer version 7.2.0 through 7.2.1
FortiAuthenticator version 5.4 all versions
FortiAuthenticator version 5.5 all versions
FortiAuthenticator version 6.0 all versions
FortiAuthenticator version 6.1 all versions
FortiAuthenticator version 6.2 all versions
FortiAuthenticator version 6.3 all versions
FortiAuthenticator version 6.4 all versions
FortiDeceptor version 1.0 all versions
FortiDeceptor version 1.1 all versions
FortiDeceptor version 2.0 all versions
FortiDeceptor version 2.1 all versions
FortiDeceptor version 3.0 all versions
FortiDeceptor version 3.1 all versions
FortiMail version 6.0.0 through 6.0.9
FortiMail version 6.2.1 through 6.2.4
FortiMail version 6.4.0
FortiManager version 6.0.0 through 6.0.4
FortiNAC all versions 8.8, 8.7, 8.6, 8.5, 8.3
FortiNAC version 9.1.0 through 9.1.8
FortiNAC version 9.2.0 through 9.2.6
FortiNAC version 9.4.0 through 9.4.1
FortiOS 6.0 all versions
FortiOS 6.2 all versions
FortiOS version 6.2.0 through 6.2.12
FortiOS version 6.2.3 and above
FortiOS version 6.4.0 through 6.4.11
FortiOS version 7.0.0 through 7.0.9
FortiOS version 7.2.0 through 7.2.3
FortiPortal 4.1 all versions
FortiPortal 4.2 all versions
FortiPortal 5.0 all versions
FortiPortal 5.1 all versions
FortiPortal 5.2 all versions
FortiPortal 5.3 all versions
FortiPortal version 6.0.0 through 6.0.9
FortiProxy 1.1 all versions
FortiProxy 1.2 all versions
FortiProxy version 1.1.0 through 1.1.6
FortiProxy version 1.2.0 through 1.2.13
FortiProxy version 2.0.0 through 2.0.11
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 7.2.0 through 7.2.2
FortiRecorder 2.7 all versions
FortiRecorder 6.0 all versions
FortiRecorder version 6.4.0 through 6.4.3
FortiSOAR version 7.3.0 through 7.3.1
FortiSwitch version 6.0.0 through 6.0.7
FortiSwitch version 6.2.0 through 6.2.7
FortiSwitch version 6.4.0 through 6.4.10
FortiSwitch version 7.0.0 through 7.0.4
FortiWeb 6.4 all versions
FortiWeb 6.0 all versions
FortiWeb 6.1 all versions
FortiWeb 6.2 all versions
FortiWeb version 6.3.0 through 6.3.17
FortiWeb version 6.3.6 through 6.3.20
FortiWeb version 6.4.0 through 6.4.1
FortiWeb version 7.0.0 through 7.0.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Fortinet