Skip to main content

Fortinet Products Multiple Vulnerabilities

Last Update Date: 11 Oct 2022 15:00 Release Date: 11 Oct 2022 6885 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and security restriction bypass on the targeted system.

 

Note:
CVE-2022-40684 is being exploited in the wild.

 

An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.


Impact

  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass

System / Technologies affected

For exploit in the wild CVE-2022-40684

 

  • FortiOS version 7.0.0 through 7.0.6
  • FortiOS version 7.2.0 through 7.2.1
  • FortiProxy version 7.0.0 through 7.0.6
  • FortiProxy version 7.2.0
  • FortiSwitchManager version 7.0.0
  • FortiSwitchManager version 7.2.0

 

For Others CVE

 

  • FortiOS version 6.0.0 through 6.0.14
  • FortiOS version 6.2.0 through 6.2.10
  • FortiOS version 6.4.0 through 6.4.3
  • FortiOS version 6.4.0 through 6.4.8
  • FortiOS version 6.4.4 through 6.4.9
  • FortiOS version 7.0.0 through 7.0.3
  • FortiOS version 7.0.0 through 7.0.5
  • FortiOS version 7.2.0
  • FortiProxy version 1.2.6 through 1.2.13
  • FortiProxy version 2.0.0 through 2.0.9
  • FortiProxy version 7.0.0 through 7.0.4

 

 


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

For exploit in the wild CVE-2022-40684

Apply fixes issued by the vendor:

For others CVE

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link