September 30, 2023

Fortinet has patched two critical bugs in its FortiNAC and FortiWeb products that if exploited could allow an unauthenticated attacker to execute unauthorized code or commands via a specifically crafted HTTP request.

The FortiNAC bug tracked as CVE-2022-39952 was rated at 9.8 and affected versions 9.4.0; 9.2.0 through 9.2.5; 9.1.0 through 9.1.7; 8.8.0 through 8.8.11; 8.7.0 through 8.7.6; 8.6.0 through 8.6.5; 8.5.0 through 8.5.4; and 8.3.7.

Advertisements

The FortiWeb bug tracked as CVE-2021-42756  was reported as a multiple stack-based buffer overflow vulnerability in the proxy daemon of FortiWeb 5.x all versions; 6.0.7 and below; 6.1.2 and below; 6.2.6 and below; 6.3.16 and below; and 6.4.

Its recommended for the users to do the upgrades as specified in its advisories for the FortiNAC and FortiWeb products.

None of the two vulnerabilities are not exploited in wild by threat actors.

Tags:

Leave a Reply

You may have missed

Johnson Controls Ransomware Attack

September 30, 2023

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023
%d bloggers like this: