Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

Feb 19, 2023 08:00 am Cyber Security 157
Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiOS, and FortiProxy

Feb 19, 2023Ravie LakshmananNetwork Security / Firewall




Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAS, and FortiProxy, among others.


Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.


Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution.


"An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system," Fortinet said in an advisory earlier this week.

The products impacted by the vulnerability are as follows -


  • FortiNAC version 9.4.0

  • FortiNAC version 9.2.0 through 9.2.5

  • FortiNAC version 9.1.0 through 9.1.7

  • FortiNAC 8.8 all versions

  • FortiNAC 8.7 all versions

  • FortiNAC 8.6 all versions

  • FortiNAC 8.5 all versions, and

  • FortiNAC 8.3 all versions

    • Patches have been released in FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8. Penetration testing firm Horizon3.ai said it plans to release a proof-of-concept (PoC) code for the flaw "soon," making it imperative that users move quickly to apply the updates.


    Th ..

    Support the originator by clicking the read the rest link below.

    fortinet issues patches flaws affecting fortiweb fortios fortios fortiproxy
    Read The Rest from the original source
    thehackernews.com

    Related News

    Be in Touch

    All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
    Powered By The Internet!!!!