October 4, 2023

Fortinet has released patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.

The bug tracked as CVE-2022-35843 with CVSS score of 7.7, the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered when radius authentication is used.

The vulnerability impacts FortiOS versions 7.2.x, 7.0.x, 6.4.x, 6.2.x and 6.0.x, and FortiProxy versions 7.0.x, 2.0.x and 1.2.x.

Advertisements

Patches were included in FortiOS versions 7.2.2, 7.0.8, and 6.4.10, and in FortiProxy versions 7.0.7 and 2.0.11.

Fortinet also announced patches for two medium-severity vulnerabilities in FortiADC (Application Delivery Controller), which ensures application availability, optimization, and security.

The first bug CVE-2022-33876 cumulates multiple input validation issues leading to information disclosure via crafted HTML requests, while the second CVE-2022-33875 is described as an improper neutralization of special elements leading to SQL injection. Additionally several low severity bugs also resolved.

Tags:

Leave a Reply

You may have missed

Looney Tunables Vulnerability affects Linux

October 4, 2023

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023
%d bloggers like this: