Fortinet Products Multiple Vulnerabilities

Release Date: 9 Jun 2022 5145 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products, a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, spoofing and cross-site scripting on the targeted system.

Impact

Remote Code Execution
Information Disclosure
Spoofing
Cross-Site Scripting

System / Technologies affected

FortiAnalyzer 7.0.2 and prior versions
FortiAnalyzer 6.4.7 and prior versions
FortiAP-U versions 6.2.0 to 6.2.3
FortiAP-U versions 6.0.0 to 6.0.4
FortiAP-U versions 5.4.0 to 5.4.6
FortiAuthenticator Agent for Microsoft OWA version 2.1
FortiAuthenticator Agent for Microsoft OWA version 2.2
FortiClientWindows versions 6.0.0 to 6.0.10
FortiClientWindows versions 6.2.0 to 6.2.9
FortiClientWindows versions 6.4.0 to 6.4.7
FortiClientWindows versions 7.0.0 to 7.0.3
FortiDDoS versions 5.5.0 to 5.5.1
FortiDDoS versions 5.4.0 to 5.4.2
FortiDDoS versions 5.3.0 to 5.3.1
FortiDDoS version 5.2.0
FortiDDoS version 5.1.0
FortiOS versions 6.2.x
FortiOS versions 6.0.x
FortiManager 7.0.1 and prior versions
FortiManager 6.4.6 and prior versions
FortiSandbox versions 4.0.x
FortiSandbox versions 3.2.x
FortiSandbox 3.1.5 and prior versions
FortiTokenMobile for Android v5.0.3 and prior versions
FortiTokenMobile for iOS v5.2.0 and prior versions
FortiTokenMobile for Windows v4.0.3 and prior versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:
https://fortiguard.fortinet.com/psirt/FG-IR-18-292
https://fortiguard.fortinet.com/psirt/FG-IR-21-024
https://fortiguard.fortinet.com/psirt/FG-IR-22-021
https://fortiguard.fortinet.com/psirt/FG-IR-22-044
https://fortiguard.fortinet.com/psirt/FG-IR-22-071
https://fortiguard.fortinet.com/psirt/FG-IR-22-109

Vulnerability Identifier

Source

Fortinet