Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330).
The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator.
Fortinet builds security products such as firewalls, antivirus software, and intrusion detection systems. These products are widely deployed across major IT industries, which makes this security advisory significant.
Description
CVE-2022-40682: Fortinet FortiClient for Windows Arbitrary File Creation Vulnerability
FortiClient is a Fabric Agent for endpoint security that provides security, compliance, and authorized access in a single, modular client. The software runs on an endpoint, such as a laptop or mobile device, and connects to the Fortinet Security Fabric to provide information about, visibility into, and control over that device.
The vulnerability originates from an incorrect authorization check. On successful exploitation, it may allow a local low-privileged user to create arbitrary files on the device filesystem.
CVE-2022-42470: Fortinet FortiClient for Windows Arbitrary File Creation Vulnerability
The vulnerability arises because the application allows an attacker to control the path of the files it creates. On successful exploitation, it may allow a local low-privileged user to create arbitrary files on the device filesystem.
CVE-2022-43946: Fortinet FortiClient for Windows Improper Write Access Vulnerability
The vulnerability arises from incorrect permission assignment for critical resources combined with a time-of-check/time-of-use (TOCTOU) race condition. On successful exploitation, it may allow an attacker to execute commands by writing data into a Windows pipe.
CVE-2022-41330: Fortinet FortiOS & FortiProxy Cross-Site Scripting (XSS) Vulnerability
The vulnerability arises from improper neutralization of input during web page generation, which leads to cross-site scripting in the FortiOS and FortiProxy administrative interface. On successful exploitation, it allows an unauthenticated attacker to perform an XSS attack using crafted HTTP or HTTPS GET requests.
CVE-2022-42469: Fortinet FortiOS Improper Access Control Vulnerability
This permissive-list-of-allowed-inputs vulnerability affects FortiGate in policy-based NGFW mode. On successful exploitation, it may allow an authenticated SSL-VPN user to bypass the policy using bookmarks in the web portal.
CVE-2023-22641: Fortinet FortiOS Unauthorized Code Vulnerability
This URL-redirection-to-a-risky-website vulnerability exists in the FortiOS and FortiProxy sslvpnd daemon. On successful exploitation, an authenticated attacker may redirect users to an arbitrary website using a crafted URL.
CVE-2022-42477: Fortinet FortiAnalyzer Improper Input Validation Vulnerability
The vulnerability arises from improper input validation. On successful exploitation, an authenticated attacker may disclose file system information through custom dataset SQL queries.
CVE-2022-43947: Fortinet FortiOS Information Disclosure Vulnerability
An improper restriction of excessive authentication attempts in the FortiOS and FortiProxy administrative interface may allow an authenticated attacker to perform brute-force attacks against other user accounts by injecting valid login sessions.
CVE-2023-22642: Fortinet FortiManager and FortiAnalyzer Improper Certificate Validation Vulnerability
The vulnerability arises from improper certificate validation. On successful exploitation, an unauthenticated remote attacker may perform a man-in-the-middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources.
Affected Products and Versions
CVE-2022-40682:
- FortiClientWindows version 7.0.0 through 7.0.7
- FortiClientWindows version 6.4.0 through 6.4.9
- FortiClientWindows version 6.2.0 through 6.2.9
- FortiClientWindows version 6.0.0 through 6.0.10
CVE-2022-42470:
- FortiClientWindows 6.4, all versions
- FortiClientWindows 6.2, all versions
- FortiClientWindows 6.0, all versions
- FortiClientWindows version 7.0.0 through 7.0.7
CVE-2022-43946:
- FortiClientWindows 6.4, all versions
- FortiClientWindows 6.2, all versions
- FortiClientWindows 6.0, all versions
- FortiClientWindows version 7.0.0 through 7.0.7
CVE-2022-41330:
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
- FortiOS version 6.4.0 through 6.4.11
- FortiOS version 6.2.0 through 6.2.12
CVE-2022-42469:
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
CVE-2023-22641:
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.9
- FortiOS version 6.4.0 through 6.4.12
- FortiOS 6.2 and 6.0, all versions
- FortiProxy version 7.2.0 through 7.2.2
- FortiProxy version 7.0.0 through 7.0.8
- FortiProxy 2.0, 1.2, 1.1, and 1.0, all versions
CVE-2022-42477:
- FortiAnalyzer version 7.2.1 and below
- FortiAnalyzer version 7.0.6 and below
- FortiAnalyzer 6.4, all versions
CVE-2022-43947:
- FortiProxy version 7.2.0 through 7.2.1
- FortiProxy version 7.0.0 through 7.0.7
- FortiProxy 2.0, all versions
- FortiProxy 1.2, all versions
- FortiProxy 1.1, all versions
- FortiProxy 1.0, all versions
- FortiOS version 7.2.0 through 7.2.3
- FortiOS version 7.0.0 through 7.0.10
- FortiOS version 6.4.0 through 6.4.12
- FortiOS 6.2, all versions
CVE-2023-22642:
- FortiManager version 7.2.0 through 7.2.1
- FortiManager version 7.0.0 through 7.0.5
- FortiManager version 6.4.8 through 6.4.10
- FortiAnalyzer version 7.2.0 through 7.2.1
- FortiAnalyzer version 7.0.0 through 7.0.5
- FortiAnalyzer version 6.4.8 through 6.4.10
Mitigation
CVE-2022-40682:
- FortiClientWindows version 7.2.0 or above
- FortiClientWindows version 7.0.8 or above
Please refer to the PSIRT advisory FG-IR-22-336 for further information.
CVE-2022-42470:
- FortiClientWindows version 7.2.0 or above
- FortiClientWindows version 7.0.8 or above
Please refer to the PSIRT advisory FG-IR-22-320 for further information.
CVE-2022-43946:
- FortiClientWindows version 7.2.0 or above
- FortiClientWindows version 7.0.8 or above
Please refer to the PSIRT advisory FG-IR-22-429 for further information.
CVE-2022-41330:
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.10 or above
- FortiOS version 6.4.12 or above
- FortiOS version 6.2.13 or above
- FortiProxy version 7.2.2 or above
- FortiProxy version 7.0.8 or above
Please refer to the PSIRT advisory FG-IR-22-363 for further information.
CVE-2022-42469:
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.11 or above
Please refer to the PSIRT advisory FG-IR-22-381 for further information.
CVE-2023-22641:
- FortiProxy version 7.2.3 or above
- FortiProxy version 7.0.9 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.10 or above
- FortiOS version 6.4.13 or above
Please refer to the PSIRT advisory FG-IR-22-479 for further information.
CVE-2022-42477:
- FortiAnalyzer version 7.2.2 or above
- FortiAnalyzer version 7.0.7 or above
Please refer to the PSIRT advisory FG-IR-22-432 for further information.
CVE-2022-43947:
- FortiProxy version 7.2.2 or above
- FortiProxy version 7.0.8 or above
- FortiOS version 7.2.4 or above
- FortiOS version 7.0.11 or above
- FortiOS version 6.4.13 or above
Please refer to the PSIRT advisory FG-IR-22-444 for further information.
CVE-2023-22642:
- FortiManager version 7.2.2 or above
- FortiManager version 7.0.6 or above
- FortiManager version 6.4.11 or above
- FortiAnalyzer version 7.2.2 or above
- FortiAnalyzer version 7.0.6 or above
- FortiAnalyzer version 6.4.11 or above
Please refer to the PSIRT advisory FG-IR-22-502 for further information.
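The affected and fixed builds above are expressed as ranges in three phrasings ("X through Y", "branch, all versions", "X and below"), and a common inventory mistake is to compare such version strings lexically, which puts 7.0.10 before 7.0.9. The following Python is an added example, not code from the Qualys post or from any Fortinet tool: it parses the advisory's own phrasings for two of the CVEs listed above (CVE-2022-40682 and CVE-2022-42477), checks a constructed sample inventory against them, and picks the lowest fixed build in the same branch where one exists. The inventory entries are constructed, and "X and below" is read as the named branch only, since the advisory lists the 7.0 and 6.4 branches on their own lines.

```python
import re
from typing import NamedTuple, Optional

# Phrasings used in the advisory's "Affected Products and Versions" lists.
RE_THROUGH = re.compile(r"^(?P<product>\S+) version (?P<low>[\d.]+) through (?P<high>[\d.]+)$")
RE_BRANCH = re.compile(r"^(?P<product>\S+) (?P<branch>[\d.]+), all versions$")
RE_BELOW = re.compile(r"^(?P<product>\S+) version (?P<high>[\d.]+) and below$")


class AffectedRange(NamedTuple):
    product: str
    low: Optional[tuple]   # inclusive lower bound; None = no lower bound within the branch
    high: Optional[tuple]  # inclusive upper bound; None = the whole branch
    branch: tuple          # (major, minor) the entry applies to


def parse_version(text: str) -> tuple:
    """'7.0.10' -> (7, 0, 10): numeric tuples compare correctly, strings do not."""
    return tuple(int(p) for p in text.split("."))


def parse_affected(line: str) -> AffectedRange:
    """Parse one bullet from the advisory list into a comparable range."""
    line = line.lstrip("- ").strip()
    if m := RE_THROUGH.match(line):
        low, high = parse_version(m["low"]), parse_version(m["high"])
        return AffectedRange(m["product"], low, high, low[:2])
    if m := RE_BRANCH.match(line):
        return AffectedRange(m["product"], None, None, parse_version(m["branch"])[:2])
    if m := RE_BELOW.match(line):
        # Assumption: "7.2.1 and below" sits beside separate 7.0 and 6.4 lines,
        # so it is read as the 7.2 branch up to 7.2.1, not every build below 7.2.1.
        high = parse_version(m["high"])
        return AffectedRange(m["product"], None, high, high[:2])
    raise ValueError(f"unrecognised affected-version phrasing: {line!r}")


def is_affected(product: str, version: str, ranges) -> bool:
    """True if the build falls inside any range for the same product and branch."""
    v = parse_version(version)
    for r in ranges:
        if r.product != product or v[:2] != r.branch:
            continue
        if r.low is not None and v < r.low:
            continue
        if r.high is not None and v > r.high:
            continue
        return True
    return False


def recommended_fix(version: str, fixed: list) -> Optional[str]:
    """Lowest fixed build above the current one, preferring the same branch
    (a 7.0.7 client is pointed at 7.0.8 rather than 7.2.0)."""
    v = parse_version(version)
    newer = [f for f in fixed if parse_version(f) > v]
    same_branch = [f for f in newer if parse_version(f)[:2] == v[:2]]
    pool = same_branch or newer
    return min(pool, key=parse_version) if pool else None


# Transcribed from the "Affected Products and Versions" and "Mitigation" lists above.
ADVISORY = {
    "CVE-2022-40682": {
        "affected": [
            "FortiClientWindows version 7.0.0 through 7.0.7",
            "FortiClientWindows version 6.4.0 through 6.4.9",
            "FortiClientWindows version 6.2.0 through 6.2.9",
            "FortiClientWindows version 6.0.0 through 6.0.10",
        ],
        "fixed": ["7.2.0", "7.0.8"],
    },
    "CVE-2022-42477": {
        "affected": [
            "FortiAnalyzer version 7.2.1 and below",
            "FortiAnalyzer version 7.0.6 and below",
            "FortiAnalyzer 6.4, all versions",
        ],
        "fixed": ["7.2.2", "7.0.7"],
    },
}


def assess(product: str, version: str) -> dict:
    """Return {cve: recommended fixed build} for every CVE that affects this build."""
    findings = {}
    for cve, data in ADVISORY.items():
        ranges = [parse_affected(entry) for entry in data["affected"]]
        if is_affected(product, version, ranges):
            findings[cve] = recommended_fix(version, data["fixed"])
    return findings


# Constructed sample inventory, not real hosts.
INVENTORY = [
    ("FortiClientWindows", "7.0.7"), ("FortiClientWindows", "7.0.10"),
    ("FortiClientWindows", "6.4.2"), ("FortiAnalyzer", "7.2.1"),
    ("FortiAnalyzer", "6.4.99"), ("FortiAnalyzer", "7.0.7"),
]

if __name__ == "__main__":
    for product, version in INVENTORY:
        result = assess(product, version)
        status = ", ".join(f"{cve}: upgrade to {fix} or above" for cve, fix in result.items())
        print(f"{product} {version}: {status or 'not affected'}")
```

The FortiClientWindows 7.0.10 entry is the reason for the numeric tuple comparison: a string comparison would rank it below 7.0.7 and flag a patched build as vulnerable. For builds on a branch with no fixed release (FortiClient 6.x, FortiAnalyzer 6.4), the recommendation falls through to the lowest fixed build on a newer branch, which is how the Mitigation section reads.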
For more information, please refer to the Fortinet April 2023 Vulnerability Advisories.
Qualys Detection
Qualys customers can scan their devices with QIDs 44010, 44008, 378399, 378398, 378397, 378396, 378395, and 378394 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.fortiguard.com/psirt/FG-IR-22-336
https://www.fortiguard.com/psirt/FG-IR-22-320
https://www.fortiguard.com/psirt/FG-IR-22-429
https://www.fortiguard.com/psirt/FG-IR-22-363
https://www.fortiguard.com/psirt/FG-IR-22-381
https://www.fortiguard.com/psirt/FG-IR-22-479
https://www.fortiguard.com/psirt/FG-IR-22-432
https://www.fortiguard.com/psirt/FG-IR-22-444
https://www.fortiguard.com/psirt/FG-IR-22-502
https://www.fortiguard.com/psirt-monthly-advisory/april-2023-vulnerability-advisories