Fortinet Products Multiple Vulnerabilities
Release Date:
5 May 2023
4843
Views
RISK: Medium Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Impact
- Security Restriction Bypass
- Information Disclosure
- Remote Code Execution
- Data Manipulation
System / Technologies affected
- FortiADC 5.2 all versions
- FortiADC 5.3 all versions
- FortiADC 5.4 all versions
- FortiADC 6.0 all versions
- FortiADC 6.1 all versions
- FortiADC 6.2 all versions
- FortiADC 7.0 all versions
- FortiADC version 7.1.0 through 7.1.1
- FortiADC version 7.2.0
- FortiNAC 8.7 all versions
- FortiNAC 8.8 all versions
- FortiNAC 9.1 all versions
- FortiNAC 9.2 all versions
- FortiNAC version 9.4.0 through 9.4.2
- FortiNAC-F version 7.2.0
- FortiOS 6.0 all versions
- FortiOS version 6.2.0 through 6.2.13
- FortiOS version 6.4.0 through 6.4.11
- FortiOS version 7.0.0 through 7.0.10
- FortiOS version 7.2.0 through 7.2.3
- FortiProxy all versions 2.0, 1.2, 1.1, 1.0
- FortiProxy version 7.0.0 through 7.0.7
- FortiProxy version 7.2.0 through 7.2.1
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://fortiguard.fortinet.com/psirt/FG-IR-23-069
- https://fortiguard.fortinet.com/psirt/FG-IR-23-013
- https://fortiguard.fortinet.com/psirt/FG-IR-22-452
- https://fortiguard.fortinet.com/psirt/FG-IR-22-297
- https://fortiguard.fortinet.com/psirt/FG-IR-22-520
- https://fortiguard.fortinet.com/psirt/FG-IR-22-475
- https://fortiguard.fortinet.com/psirt/FG-IR-22-456
- https://fortiguard.fortinet.com/psirt/FG-IR-22-464
- https://fortiguard.fortinet.com/psirt/FG-IR-22-407
Vulnerability Identifier
- CVE-2022-43950
- CVE-2022-45858
- CVE-2022-45859
- CVE-2022-45860
- CVE-2023-22637
- CVE-2023-22640
- CVE-2023-26203
- CVE-2023-27993
- CVE-2023-27999
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2023.2499
- https://www.auscert.org.au/bulletins/ESB-2023.2498
- https://www.auscert.org.au/bulletins/ESB-2023.2497
- https://www.auscert.org.au/bulletins/ESB-2023.2496
- https://www.auscert.org.au/bulletins/ESB-2023.2495
- https://www.auscert.org.au/bulletins/ESB-2023.2494
- https://www.auscert.org.au/bulletins/ESB-2023.2493
- https://www.auscert.org.au/bulletins/ESB-2023.2492
- https://www.auscert.org.au/bulletins/ESB-2023.2491
- https://fortiguard.fortinet.com/psirt/FG-IR-23-069
- https://fortiguard.fortinet.com/psirt/FG-IR-23-013
- https://fortiguard.fortinet.com/psirt/FG-IR-22-452
- https://fortiguard.fortinet.com/psirt/FG-IR-22-297
- https://fortiguard.fortinet.com/psirt/FG-IR-22-520
- https://fortiguard.fortinet.com/psirt/FG-IR-22-475
- https://fortiguard.fortinet.com/psirt/FG-IR-22-456
- https://fortiguard.fortinet.com/psirt/FG-IR-22-464
- https://fortiguard.fortinet.com/psirt/FG-IR-22-407
Related Tags
Share with