September 27, 2023

Fortinet has patched several vulnerabilities affecting several of its endpoint security products through the release of firmware and software updates.

High Severity Flaws

The first, tracked as CVE-2022-30302, is a set of relative path traversal bugs in the management interface of FortiDeceptor (which spins up virtual machines that serve as honeypots for network intruders). It allows a remote, authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

The second bug, tracked as CVE-2021-41031, allows attackers to achieve privilege escalation in Windows versions of the FortiClient endpoint protection and VPN product via path traversal in the named pipe responsible for the FortiESNAC service.

The third bug, tracked as CVE-2022-26117, affects the FortiNAC network access control solution, which suffered from an empty password in a configuration file; through it, an authenticated attacker could access the MySQL databases via the CLI.

The fourth bug, tracked as CVE-2021-43072, is a flaw found in FortiAnalyzer, the FortiManager network management device, the FortiOS operating system, and the FortiProxy web proxy. It allows a privileged attacker to execute arbitrary code or commands via crafted CLI ‘execute restore image’ and ‘execute certificate remote’ operations using the TFTP protocol.

Medium Severity Flaws

The first on the list is a set of SQL injection vulnerabilities in the FortiADC application delivery controller, tracked as CVE-2022-26120.

The second bug is an OS command injection vulnerability in the CLI of FortiAnalyzer and FortiManager, tracked as CVE-2022-27483.

The third bug is a set of cross-site scripting (XSS) issues in the FortiEDR endpoint security solution, tracked as CVE-2022-29057.

The fourth bug is a privilege escalation bug in FortiManager and FortiAnalyzer, tracked as CVE-2022-26118.

The fifth bug is a set of stack-based buffer overflows in diagnostic CLI commands affecting FortiOS and FortiProxy, tracked as CVE-2021-44170.

The sixth bug is an integer overflow in the dhcpd daemon impacting FortiOS, FortiProxy, FortiSwitch Ethernet switches, the FortiRecorder video surveillance system, and the FortiVoiceEnterprise communications system, tracked as CVE-2021-42755.

Low Severity Flaws

Only one low-severity bug was addressed: an XSS vulnerability affecting FortiOS, tracked as CVE-2022-23438.

Customers are advised to test and upgrade the affected products as soon as possible to avoid possible exploitation.
