Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products

Posted by Author Diksha Ojha on Posted on

Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330).

The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator.

Fortinet creates security solutions like firewalls, antivirus programs, or intrusion detection systems. These products are widely used in leading IT industries, making this security advisory important.

Description

CVE-2022-40682: Fortinet FortiClient for Windows Arbitrary File Creation Vulnerability

FortiClient is a Fabric Agent used for Endpoint Security that provides offers security, compliance, and authorized access in a single and modular client. The software runs on an endpoint, such as a laptop or mobile device, and connects to the Fortinet Security Fabric to give that device information, visibility, and control.  
 
The vulnerability originates from an incorrect authorization. The vulnerability may allow a local low-privileged user to create arbitrary files on the device filesystem on successful exploitation. 

CVE-2022-42470: Fortinet FortiClient for Windows Arbitrary File Creation Vulnerability

The vulnerability arises because the application allows an attacker to control the path of the files created. On successful exploitation, the vulnerability may allow a local low-privileged user to perform arbitrary file creation on the device filesystem. 

CVE-2022-43946: Fortinet FortiClient for Windows Improper Write Access Vulnerability

The vulnerability arises due to incorrect permission assignment for critical resources and a time-of-check time-of-use (TOCTOU) race condition. The vulnerability may allow an attacker to execute commands via writing data into a Windows pipe on successful exploitation. 

CVE-2022-41330: Fortinet FortiOS & FortiProxy Cross-Site Scripting (XSS) Vulnerability

The vulnerability arises due to improper neutralization of input during web page generation that leads to cross-site scripting vulnerabilities in the FortiOS and FortiProxy administrative interface. The vulnerability allows an unauthenticated attacker to perform an XSS attack with the help of crafted HTTP or HTTPS GET requests on successful exploitation.

CVE-2022-42469: Fortinet FortiOS Improper Access Control Vulnerability

This permissive list of allowed inputs vulnerability affects the FortiGate Policy-based NGFW Mode. On successful exploitation, the vulnerability may allow an authenticated SSL-VPN user to bypass the policy using bookmarks in the web portal.

CVE-2023-22641: Fortinet FortiOS Unauthorized Code Vulnerability

This URL redirection to a risky website vulnerability exists in FortiOS and FortiProxy sslvpnd. On successfully exploiting this vulnerability, an authenticated attacker may redirect users to any arbitrary website with the help of a crafted URL.

CVE-2022-42477: Fortinet FortiAnalyzer Improper Input Validation Vulnerability

The vulnerability arises due to improper input validation. An authenticated attacker may disclose file system information with the help of a custom dataset SQL queries on successful exploitation.

CVE-2022-43947: Fortinet FortiOS Information Disclosure Vulnerability

An attacker with an authenticated account could take advantage of the FortiOS & FortiProxy administration interface’s inappropriate restriction of excessive authentication attempts vulnerability to perform brute-force attacks on other user accounts by injecting valid login sessions.

CVE-2023-22642: Fortinet FortiManager and FortiAnalyzer Improper Certificate Validation Vulnerability

The vulnerability arises due to improper certificate validation. On successfully exploiting this vulnerability, an unauthenticated, remote attacker may perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources. 

Affected Products and Versions

CVE-2022-40682:

  • FortiClientWindows version 7.0.0 through 7.0.7 
  • FortiClientWindows version 6.4.0 through 6.4.9 
  • FortiClientWindows version 6.2.0 through 6.2.9 
  • FortiClientWindows version 6.0.0 through 6.0.10

CVE-2022-42470: 

  • FortiClientWindows 6.4, all versions 
  • FortiClientWindows 6.2, all versions 
  • FortiClientWindows 6.0, all versions 
  • FortiClientWindows version 7.0.0 through 7.0.7

CVE-2022-43946: 

  • FortiClientWindows 6.4, all versions 
  • FortiClientWindows 6.2, all versions 
  • FortiClientWindows 6.0, all versions 
  • FortiClientWindows version 7.0.0 through 7.0.7

CVE-2022-41330: 

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9 
  • FortiOS version 6.4.0 through 6.4.11 
  • FortiOS version 6.2.0 through 6.2.12

CVE-2022-42469: 

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9

CVE-2023-22641: 

  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.9 
  • FortiOS version 6.4.0 through 6.4.12 
  • FortiOS all versions 6.2, 6.0 
  • FortiProxy version 7.2.0 through 7.2.2 
  • FortiProxy version 7.0.0 through 7.0.8 
  • FortiProxy all versions 2.0, 1.2, 1.1, 1.0

CVE-2022-42477: 

  • FortiAnalyzer version 7.2.1 and below 
  • FortiAnalyzer version 7.0.6 and below 
  • FortiAnalyzer 6.4, all version

CVE-2022-43947: 

  • FortiProxy version 7.2.0 through 7.2.1 
  • FortiProxy version 7.0.0 through 7.0.7 
  • FortiProxy 2.0, all versions 
  • FortiProxy 1.2, all versions 
  • FortiProxy 1.1, all versions 
  • FortiProxy 1.0, all versions 
  • FortiOS version 7.2.0 through 7.2.3 
  • FortiOS version 7.0.0 through 7.0.10 
  • FortiOS version 6.4.0 through 6.4.12 
  • FortiOS 6.2, all versions

CVE-2023-22642: 

  • FortiManager version 7.2.0 through 7.2.1 
  • FortiManager version 7.0.0 through 7.0.5 
  • FortiManager version 6.4.8 through 6.4.10 
  • FortiAnalyzer version 7.2.0 through 7.2.1 
  • FortiAnalyzer version 7.0.0 through 7.0.5 
  • FortiAnalyzer version 6.4.8 through 6.4.10

Mitigation

CVE-2022-40682: 

  • FortiClientWindows version 7.2.0 or above 
  • FortiClientWindows version 7.0.8 or above

Please refer to the PSIRT advisory FG-IR-22-336 for further information. 
 
CVE-2022-42470: 

  • FortiClientWindows version 7.2.0 or above 
  • FortiClientWindows version 7.0.8 or above

Please refer to the PSIRT advisory FG-IR-22-320 for further information. 
 
CVE-2022-43946: 

  • FortiClientWindows version 7.2.0 or above 
  • FortiClientWindows version 7.0.8 or above

Please refer to the PSIRT advisory FG-IR-22-429 for further information. 
 
CVE-2022-41330: 

  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.10 or above 
  • FortiOS version 6.4.12 or above 
  • FortiOS version 6.2.13 or above 
  • FortiProxy version 7.2.2 or above 
  • FortiProxy version 7.0.8 or above

Please refer to the PSIRT advisory FG-IR-22-363 for further information. 

CVE-2022-42469: 

  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.11 or above

Please refer to the PSIRT advisory FG-IR-22-381 for further information.

CVE-2023-22641: 

  • FortiProxy version 7.2.3 or above 
  • FortiProxy version 7.0.9 or above 
  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.10 or above 
  • FortiOS version 6.4.13 or above

Please refer to the PSIRT advisory FG-IR-22-479 for further information. 

CVE-2022-42477:

  • FortiAnalyzer version 7.2.2 or above 
  • FortiAnalyzer version 7.0.7 or above

Please refer to the PSIRT advisory FG-IR-22-432 for further information.

CVE-2022-43947: 

  • FortiProxy version 7.2.2 or above 
  • FortiProxy version 7.0.8 or above 
  • FortiOS version 7.2.4 or above 
  • FortiOS version 7.0.11 or above 
  • FortiOS version 6.4.13 or above

Please refer to the PSIRT advisory FG-IR-22-444 for further information.

CVE-2023-22642: 

  • FortiManager version 7.2.2 or above 
  • FortiManager version 7.0.6 or above 
  • FortiManager version 6.4.11 or above 
  • FortiAnalyzer version 7.2.2 or above 
  • FortiAnalyzer version 7.0.6 or above 
  • FortiAnalyzer version 6.4.11 or above 

Please refer to the PSIRT advisory FG-IR-22-502 for further information.  

For more information, please refer to the Fortinet April 2023 Vulnerability Advisories. 

Qualys Detection

Qualys customers can scan their devices with QID 44010, 44008, 378399, 378398, 378397, 378396, 378395, and 378394 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.  
  
References 
https://www.fortiguard.com/psirt/FG-IR-22-336  
https://www.fortiguard.com/psirt/FG-IR-22-320  
https://www.fortiguard.com/psirt/FG-IR-22-429  
https://www.fortiguard.com/psirt/FG-IR-22-363
https://www.fortiguard.com/psirt/FG-IR-22-381  
https://www.fortiguard.com/psirt/FG-IR-22-479  
https://www.fortiguard.com/psirt/FG-IR-22-432  
https://www.fortiguard.com/psirt/FG-IR-22-444  
https://www.fortiguard.com/psirt/FG-IR-22-502
https://www.fortiguard.com/psirt-monthly-advisory/april-2023-vulnerability-advisories  

Leave a Reply

Your email address will not be published. Required fields are marked *