Four high, six medium, and one low severity issue fixed
Fortinet has addressed a raft of security vulnerabilities affecting several of its endpoint security products.
The California-headquartered cybersecurity giant, which accounts for more than a third of all firewall and unified threat management shipments worldwide, released a huge number of firmware and software updates on Tuesday (July 5).
A quartet of high severity flaws includes multiple relative path traversal bugs in the management interface of FortiDeceptor, which spins up virtual machines that serve as honeypots for network intruders (CVE-2022-30302).
Abuse of these “may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests”, according to the corresponding Fortinet advisory.
Similarly, attackers could achieve privilege escalation in Windows versions of endpoint protection and VPN product FortiClient via path traversal in the named pipe responsible for the FortiESNAC service (CVE-2021-41031).
The FortiNAC network access control solution, meanwhile, suffered from an “empty password in configuration file vulnerability” through which an authenticated attacker could access the MySQL databases via the command line interface (CLI) (CVE-2022-26117).
The other high severity issue, which applies to security event analysis appliance FortiAnalyzer, the FortiManager network management device, the FortiOS operating system, and the FortiProxy web proxy, “may allow a privileged attacker to execute arbitrary code or command via crafted CLI ‘execute restore image’ and ‘execute certificate remote’ operations with the TFTP protocol” (CVE-2021-43072).
Medium severity issues in the patch batch include SQL injection vulnerabilities in the FortiADC application delivery controller (CVE-2022-26120) and an OS command injection vulnerability in CLI in FortiAnalyzer and FortiManager (CVE-2022-27483).
Meanwhile, cross-site scripting (XSS) issues in the FortiEDR endpoint security solution (CVE-2022-29057); a privilege escalation bug in FortiManager and FortiAnalyzer (CVE-2022-26118); and stack-based buffer overflows in diagnostic CLI commands affecting FortiOS and FortiProxy (CVE-2021-44170).
The sixth and final medium severity issue is an integer overflow in dhcpd daemon impacting FortiOS, FortiProxy, FortiSwitch ethernet switches, the FortiRecoder video surveillance system, and the FortiVoiceEnterprise communications system, (CVE-2021-42755).
Last and least, in threat terms, is a low severity XSS vulnerability affecting FortiOS (CVE-2022-23438).
YOU MIGHT ALSO LIKE Spring Data MongoDB hit by another critical SpEL injection flaw