March 31, 2023

Fortinet has released patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.

The bug tracked as CVE-2022-35843 with CVSS score of 7.7, the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered when radius authentication is used.

The vulnerability impacts FortiOS versions 7.2.x, 7.0.x, 6.4.x, 6.2.x and 6.0.x, and FortiProxy versions 7.0.x, 2.0.x and 1.2.x.

Advertisements

Patches were included in FortiOS versions 7.2.2, 7.0.8, and 6.4.10, and in FortiProxy versions 7.0.7 and 2.0.11.

Fortinet also announced patches for two medium-severity vulnerabilities in FortiADC (Application Delivery Controller), which ensures application availability, optimization, and security.

The first bug CVE-2022-33876 cumulates multiple input validation issues leading to information disclosure via crafted HTML requests, while the second CVE-2022-33875 is described as an improper neutralization of special elements leading to SQL injection. Additionally several low severity bugs also resolved.

Tags:

Leave a Reply

You may have missed

Microsoft Patches BingBang Cloud Vulnerability Exposing O365 Data

Microsoft Patches BingBang Cloud Vulnerability Exposing O365 Data

March 30, 2023
Microsoft Defender Reports Zoom and Google as malicious

Microsoft Defender Reports Zoom and Google as malicious

March 30, 2023
Cisco Acquiring Lightspin

Cisco Acquiring Lightspin

March 30, 2023
APT-43 Elite North Korean Group

APT-43 Elite North Korean Group

March 29, 2023
Microsoft AI Security Copilot

Microsoft AI Security Copilot

March 29, 2023
Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
%d bloggers like this: