Fortinet addressed multiple vulnerabilities in several products

Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor.

Fortinet addressed multiple vulnerabilities in several products of the vendor. Impacted products are FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise.

Four of the fixed issues have been rated as a “high” severity, they are CVE-2022-26117, CVE-2021-43072, CVE-2022-30302, and CVE-2021-41031.

Below are the details of these flaws:

CVE-2022-26117: Unprotected MySQL root account – An empty password in configuration file vulnerability [CWE-258] in FortiNAC may allow an authenticated attacker to access the MySQL databases via the CLI.

CVE-2021-43072: stack-based buffer overflow via crafted CLI execute command – A buffer copy without checking size of input (‘Classic Buffer Overflow’)  vulnerability [CWE-120] in FortiAnalyzer, FortiManager, FortiOS and FortiProxy may allow a privileged attacker to execute arbitrary code or command via crafted CLI `execute restore image` and `execute certificate remote` operations with the TFTP protocol.

CVE-2022-30302: Path traversal vulnerability – Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

CVE-2021-41031: Privilege Escalation via directory traversal attack – A relative path traversal vulnerability [CWE-23] in FortiClient for Windows may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Forinet)

[adrotate banner=”5″]

[adrotate banner=”13″]