Fortinet fixes High Severity Auth Bypass bug
Fortinet has released patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.
The bug tracked as CVE-2022-35843 with CVSS score of 7.7, the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered when radius authentication is used.
The vulnerability impacts FortiOS versions 7.2.x, 7.0.x, 6.4.x, 6.2.x and 6.0.x, and FortiProxy versions 7.0.x, 2.0.x and 1.2.x.
Patches were included in FortiOS versions 7.2.2, 7.0.8, and 6.4.10, and in FortiProxy versions 7.0.7 and 2.0.11.
Fortinet also announced patches for two medium-severity vulnerabilities in FortiADC (Application Delivery Controller), which ensures application availability, optimization, and security.
The first bug CVE-2022-33876 cumulates multiple input validation issues leading to information disclosure via crafted HTML requests, while the second CVE-2022-33875 is described as an improper neutralization of special elements leading to SQL injection. Additionally several low severity bugs also resolved.