Fortinet Releases Multiple Security Updates

Updates address 1 Critical, 7 High, 11 Medium, and 2 Low severity vulnerabilities in FortiOS, FortiProxy, FortiSIEM, FortiADC, FortiNAC, FortiManager, FortiAnalyzer, FortiWeb, FortiClientWindows, FortiADCManager, FortiSwitchManager, FortiOS-6K7K, FortiConverter

Threat ID:: CC-4336
Threat Severity:: Information only
Published:: 13 June 2023 1:10 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS

Fortinet FortiOS-6K7K

Fortinet FortiProxy

Fortinet FortiADC (Application Delivery Controllers)

FortiNAC

Fortinet FortiManager

Fortinet FortiWeb

Fortinet FortiSIEM

Fortinet FortiAnalyzer

Fortinet FortiClient

Fortinet FortiSwitch Manager

Threat details

Critical FortiOS & FortiProxy Vulnerability in SSL-VPN

For further information surrounding the Critical vulnerability CVE-2023-27997, please reference Cyber Alert CC-4334.

Introduction

Fortinet has released security updates to address 1 Critical, 7 High, 11 Medium, and 2 Low severity vulnerabilities in FortiOS, FortiProxy, FortiSIEM, FortiADC, FortiNAC, FortiManager, FortiAnalyzer, FortiWeb, FortiClientWindows, FortiADCManager, FortiSwitchManager, FortiOS-6K7K, and FortiConverter.

The High severity vulnerabilities include:

CVE-2023-26210 - Command injection vulnerability for FortiADC & FortiADC Manager
CVE-2022-39946 - Access control vulnerability for FortiNAC
CVE-2023-22633 - Access control vulnerability for FortiNAC
CVE-2023-29181 - Externally-controlled format string vulnerability for FortiOS
CVE-2023-29180 - NULL pointer dereference vulnerability for FortiOS
CVE-2022-41327 - Cleartext transmission vulnerability for FortiOS/FortiProxy
CVE-2022-42478 - Improper restriction of excessive authentication attempts vulnerability for FortiSIEM

Several of the addressed vulnerabilities could allow an attacker to execute unauthorised commands or achieve arbitrary code execution.

For further information on the Medium and Low vulnerabilities please refer to Fortinet's FortiGuard Labs PSIRT Advisories.

Remediation advice

Affected organisations are encouraged to review Fortinet's FortiGuard Labs PSIRT Advisories and apply the relevant updates.

For specific remediation advice around the Critical vulnerability CVE-2023-27997, please reference Cyber Alert CC-4334.

Remediation steps

Type	Step
Patch	FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands https://www.fortiguard.com/psirt/FG-IR-23-076
Patch	FortiNAC - Improper access control on administrative panels https://www.fortiguard.com/psirt/FG-IR-22-332
Patch	FortiNAC - SSL Renegotation leading to DoS https://www.fortiguard.com/psirt/FG-IR-22-521
	FortiOS - Format String Bug in Fclicense daemon https://www.fortiguard.com/psirt/FG-IR-23-119
Patch	FortiOS - Null pointer dereference in sslvnd https://www.fortiguard.com/psirt/FG-IR-23-111
Patch	FortiOS/FortiProxy - Read Only administrator can intercept sensitive data https://www.fortiguard.com/psirt/FG-IR-22-380
Patch	FortiSIEM - Bruteforce of Exposed Endpoints https://www.fortiguard.com/psirt/FG-IR-22-258

CVE Vulnerabilities

Status Reserved

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

Status Published

CVE-2022-39946

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

Status Reserved

CVE-2023-22633

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.

Status Reserved

CVE-2023-29181

This vulnerability affects an unknown code of the component Fclicense daemon. The manipulation with an unknown input leads to a format string vulnerability. The software uses a function that accepts a format string as an argument, but the format string originates from an external source. As an impact it is known to affect confidentiality, integrity, and availability.

Status Published

CVE-2022-41327

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

Status Published

CVE-2022-42478

An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.

Status Reserved

CVE-2023-29180

A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests.

Last edited: 13 June 2023 5:08 pm