Fortinet Products Multiple Vulnerabilities


Threat Level: High

Components Affected

  • FortiNAC version 9.4.0
  • FortiNAC version 9.2.0 through 9.2.5
  • FortiNAC version 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions
  • FortiWeb 6.4 all versions
  • FortiWeb version 6.3.16 and below
  • FortiWeb version 6.2.6 and below
  • FortiWeb version 6.1.2 and below
  • FortiWeb version 6.0.7 and below
  • FortiWeb 5.x all versions
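
To triage an asset inventory against the list above, the following added example (not code from Fortinet or from this advisory) encodes the affected ranges and flags matching hosts. The function names, the `host,product,version` inventory format and the sample hosts are assumptions made for illustration; a result of `False` only means the version is not in this advisory's list.

```python
# Added example: ranges transcribed from the "Components Affected" list above.
# Rule = (branch, lowest patch, highest patch); None means every release on the branch.
# Assumption: "X.Y.Z and below" is read as X.Y.0 through X.Y.Z on that branch.
AFFECTED = {
    "fortinac": [((9, 4), 0, 0), ((9, 2), 0, 5), ((9, 1), 0, 7),
                 ((8, 8), None, None), ((8, 7), None, None), ((8, 6), None, None),
                 ((8, 5), None, None), ((8, 3), None, None)],
    "fortiweb": [((6, 4), None, None), ((6, 3), 0, 16), ((6, 2), 0, 6),
                 ((6, 1), 0, 2), ((6, 0), 0, 7), ((5,), None, None)],
}

def parse_version(text):
    """'6.3.16' -> (6, 3, 16); raises ValueError on empty or non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def is_listed_affected(product, version):
    """True if product/version falls inside a range listed in the advisory."""
    rules = AFFECTED.get(product.strip().lower())
    if rules is None:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    for branch, low, high in rules:
        if v[:len(branch)] != branch:
            continue  # different release branch
        if low is None:
            return True  # whole branch is listed
        patch = v[len(branch)] if len(v) > len(branch) else 0
        if low <= patch <= high:
            return True
    return False

# Constructed sample inventory (host,product,version); not real hosts.
SAMPLE_INVENTORY = """\
nac-01,FortiNAC,9.4.0
nac-02,FortiNAC,9.4.1
nac-03,FortiNAC,8.7.6
waf-01,FortiWeb,6.3.16
waf-02,FortiWeb,6.3.17
waf-03,FortiWeb,5.9.1
waf-04,FortiWeb,7.0.0
"""

def scan(inventory_text):
    """Return hosts whose product/version the advisory lists as affected."""
    rows = (line.split(",") for line in inventory_text.splitlines() if line.strip())
    return [host.strip() for host, product, version in rows
            if is_listed_affected(product, version)]
```
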

Overview

Multiple Fortinet products were found to be vulnerable. A remote attacker can exploit these vulnerabilities to perform security restriction bypass, denial of service, information disclosure, cross-site scripting, and elevation of privilege on the targeted system.

Description

Fortinet has identified two vulnerabilities in its FortiNAC and FortiWeb products that could allow unauthenticated attackers to execute arbitrary code or commands. The first, which affects FortiNAC, is tracked as CVE-2022-39952: an external control of file name or path vulnerability [CWE-73] in the FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system. The second, which affects FortiWeb, is tracked as CVE-2021-42756: multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Impact

  • Security Restriction Bypass
  • Denial of Service
  • Information Disclosure
  • Cross-Site Scripting
  • Elevation of Privilege 

Solution/Workarounds

To fix the issues, users are advised to follow the vendor's recommendation and update to the latest version of the Fortinet products.

https://www.fortiguard.com/psirt/FG-IR-22-300

https://www.fortiguard.com/psirt/FG-IR-21-186 

Reference

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.
