Fortinet has released a security advisory to address 21 vulnerabilities in multiple products, with severity ratings ranging from medium to high. Four of the 21 vulnerabilities are given high severity ratings (CVE-2022-40682, CVE-2022-42470, CVE-2022-43946, and CVE-2022-41330). The vulnerabilities affect Fortinet products such as FortiClient, FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiADC, FortiWeb, FortiSandbox, FortiDeceptor, FortiGate, and FortiAuthenticator. … Continue reading “Fortinet Releases Patches to Address Multiple Vulnerabilities in Popular Fortinet Products”
Tag: Forticlient
FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)
Summary: FortiOS has been reported with an unquoted service path vulnerability. FortiClient FortiTray of FortiClientConsole executable service path is the vulnerable component that leads to escalated privileges. Description: For Mac and Windows Fortigate products like FortiOS for FortiGate firewalls and the FortiClient endpoint antivirus.,uses a weak encryption cipher (XOR) and hardcoded cryptographic keys to communicate … Continue reading “FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)”