Fortinet Products Multiple Vulnerabilities

Impact

• Cross-Site Scripting
• Information Disclosure
• Remote Code Execution
• Data Manipulation

System / Technologies affected

• FortiAuthenticator 6.1 all versions
• FortiAuthenticator 6.2 all versions
• FortiAuthenticator version 6.3.0 through 6.3.3
• FortiAuthenticator version 6.4.0 through 6.4.6
• FortiNAC 8.7 all versions
• FortiNAC 8.8 all versions
• FortiNAC 9.1 all versions
• FortiNAC 9.2 all versions
• FortiNAC version 9.4.0 through 9.4.1
• FortiOS all versions 6.2, 6.0
• FortiOS version 6.4.0 through 6.4.12
• FortiOS version 7.0.0 through 7.0.9
• FortiOS version 7.2.0 through 7.2.3
• FortiProxy all versions 2.0, 1.2, 1.1, 1.0
• FortiProxy version 7.0.0 through 7.0.8
• FortiProxy version 7.2.0 through 7.2.2
• FortiWeb 6.4 all versions
• FortiWeb version 6.0 all versions
• FortiWeb version 6.1 all versions
• FortiWeb version 6.2 all versions
• FortiWeb version 6.3.0 through 6.3.21
• FortiWeb version 7.0.0 through 7.0.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://fortiguard.fortinet.com/psirt/FG-IR-22-409
• https://fortiguard.fortinet.com/psirt/FG-IR-22-479
• https://fortiguard.fortinet.com/psirt/FG-IR-22-428
• https://fortiguard.fortinet.com/psirt/FG-IR-22-275

Vulnerability Identifier

• CVE-2022-35850
• CVE-2022-43951
• CVE-2022-43955
• CVE-2023-22641

Source

• AusCERT
• Fortinet

Related Link

• https://www.auscert.org.au/bulletins/ESB-2023.2096
• https://www.auscert.org.au/bulletins/ESB-2023.2093
• https://www.auscert.org.au/bulletins/ESB-2023.2086
• https://www.auscert.org.au/bulletins/ESB-2023.2083
• https://fortiguard.fortinet.com/psirt/FG-IR-22-409
• https://fortiguard.fortinet.com/psirt/FG-IR-22-479
• https://fortiguard.fortinet.com/psirt/FG-IR-22-428
• https://fortiguard.fortinet.com/psirt/FG-IR-22-275