Skip to main content

Fortinet Products Multiple Vulnerabilities

Last Update Date: 14 Mar 2023 Release Date: 9 Mar 2023 5727 Views

RISK: High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, denial of service condition, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

 

[Updated on 2023-03-14] 

Updated risk level to high due to scattered exploit for CVE-2022-41328 vulnerability.
 

Note:

CVE-2022-41328 vulnerability is being used in scattered exploit that allowed threat actors to execute unauthorized code or commands.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • FortiAnalyzer 6.4 all versions
  • FortiAnalyzer version 6.0.0 through 6.0.4
  • FortiAnalyzer version 6.4.0 through 6.4.10
  • FortiAnalyzer version 7.0.0 through 7.0.5
  • FortiAnalyzer version 7.2.0 through 7.2.1
  • FortiAuthenticator version 5.4 all versions
  • FortiAuthenticator version 5.5 all versions
  • FortiAuthenticator version 6.0 all versions
  • FortiAuthenticator version 6.1 all versions
  • FortiAuthenticator version 6.2 all versions
  • FortiAuthenticator version 6.3 all versions
  • FortiAuthenticator version 6.4 all versions
  • FortiDeceptor version 1.0 all versions
  • FortiDeceptor version 1.1 all versions
  • FortiDeceptor version 2.0 all versions
  • FortiDeceptor version 2.1 all versions
  • FortiDeceptor version 3.0 all versions
  • FortiDeceptor version 3.1 all versions
  • FortiMail version 6.0.0 through 6.0.9
  • FortiMail version 6.2.1 through 6.2.4
  • FortiMail version 6.4.0
  • FortiManager version 6.0.0 through 6.0.4
  • FortiNAC all versions 8.8, 8.7, 8.6, 8.5, 8.3
  • FortiNAC version 9.1.0 through 9.1.8
  • FortiNAC version 9.2.0 through 9.2.6
  • FortiNAC version 9.4.0 through 9.4.1
  • FortiOS 6.0 all versions
  • FortiOS 6.2 all versions
  • FortiOS version 6.2.0 through 6.2.12
  • FortiOS version 6.2.3 and above
  • FortiOS version 6.4.0 through 6.4.11
  • FortiOS version 7.0.0 through 7.0.9
  • FortiOS version 7.2.0 through 7.2.3
  • FortiPortal 4.1 all versions
  • FortiPortal 4.2 all versions
  • FortiPortal 5.0 all versions
  • FortiPortal 5.1 all versions
  • FortiPortal 5.2 all versions
  • FortiPortal 5.3 all versions
  • FortiPortal version 6.0.0 through 6.0.9
  • FortiProxy 1.1 all versions
  • FortiProxy 1.2 all versions
  • FortiProxy version 1.1.0 through 1.1.6
  • FortiProxy version 1.2.0 through 1.2.13
  • FortiProxy version 2.0.0 through 2.0.11
  • FortiProxy version 7.0.0 through 7.0.8
  • FortiProxy version 7.2.0 through 7.2.2
  • FortiRecorder 2.7 all versions
  • FortiRecorder 6.0 all versions
  • FortiRecorder version 6.4.0 through 6.4.3
  • FortiSOAR version 7.3.0 through 7.3.1
  • FortiSwitch version 6.0.0 through 6.0.7
  • FortiSwitch version 6.2.0 through 6.2.7
  • FortiSwitch version 6.4.0 through 6.4.10
  • FortiSwitch version 7.0.0 through 7.0.4
  • FortiWeb 6.4 all versions
  • FortiWeb 6.0 all versions
  • FortiWeb 6.1 all versions
  • FortiWeb 6.2 all versions
  • FortiWeb version 6.3.0 through 6.3.17
  • FortiWeb version 6.3.6 through 6.3.20
  • FortiWeb version 6.4.0 through 6.4.1
  • FortiWeb version 7.0.0 through 7.0.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link