Recently, NSFOCUS CERT found that Fortinet officially released a security notice, which fixed multiple Fortinet product vulnerabilities. The key vulnerabilities are as follows:
FortiNAC keyUpload remote code execution vulnerability (CVE-2022-39952):
Due to a flaw in the keyUpload script of FortNAC, an unauthenticated attacker can execute arbitrary code on the target system by sending a crafted HTTP request. The CVSS score is 9.8. Relevant users are requested to take measures for protection as soon as possible.
FortiNAC is Fortinet’s network access control solution, which enhances Fortinet’s security structure through visibility, control and automatic response of all content connected to the network. It can supervise and protect all digital assets connected to the enterprise network, covering equipment from IT, IoT, OT/ICS to IoMT, and coordinate automatic response to various network events.
FortiWeb remote code execution vulnerability (CVE-2021-42756):
Due to a flaw in the FortWeb proxy, an unauthenticated attacker triggers a stack-based buffer overflow by sending a crafted HTTP request, which can eventually execute arbitrary code on the target system. CVSS score is 9.3. Relevant users are requested to take measures to protect as soon as possible.
FortiWeb is Fortinet’s web application firewall, which can protect critical business web applications from attacks against known and unknown vulnerabilities.
FortiADC CLI command injection vulnerability (CVE-2022-27482):
Due to a flaw in FortiADC, an authenticated attacker can execute shell code arbitrarily with root privileges through CLI commands. The CVSS score is 7.8. Relevant users are requested to take measures to protect as soon as possible.
FortiADC is an advanced application delivery controller, which can optimize the performance and availability of applications. At the same time, it ensures the security of applications through its own native security tools and integration of application delivery into the Fortinet Security Fabric security architecture.
FortiExtender command injection vulnerability (CVE-2022-27489):
Due to the defects in the verification of user input parameters by FortiExtender network server, attackers with high privileges can finally execute arbitrary commands on the target system by sending special parameters. CVSS score is 7.2. Relevant users are requested to take measures to protect as soon as possible.
FortiExtender cellular gateway helps users build ultra-fast LTE and 5G wireless networks, and supports secure connection and expansion at any WAN edge.
Scope of Impact
- FortiNAC = 9.4.0
- 9.2.0 <= FortiNAC <= 9.2.5
- 9.1.0 <= FortiNAC <= 9.1.7
- 8.8.0 <= FortiNAC <= 8.8.11
- 8.7.0 <= FortiNAC <= 8.7.6
- 8.6.0 <= FortiNAC <= 8.6.5
- 8.5.0 <= FortiNAC <=8.5.4
- FortiNAC = 8.3.7
- 5.6.0 <= FortiWeb <= 5.9.1
- 6.0.0 <= FortiWeb <= 6.0.7
- 6.1.0 <= FortiWeb <= 6.1.2
- 6.2.0 <= FortiWeb <= 6.2.6
- 6.3.0 <= FortiWeb <= 6.3.16
- 6.4.0 <= FortiWeb <= 6.4.1
- 7.0.0 <= FortiADC <= 7.0.1
- 6.2.0 <= FortiADC <= 6.2.3
- 6.1.0 <= FortiADC <= 6.1.6
- 6.0.0 <= FortiADC <= 6.0.4
- 5.4.0 <= FortiADC <= 5.4.5
- 5.3.0 <= FortiADC <= 5.3.7
- 5.2.0 <= FortiADC <= 5.2.8
- 5.1.0 <= FortiADC <= 5.1.7
- 5.0.0 <= FortiADC <= 5.0.4
- 7.0.0 <= FortiExtender <= 7.0.3
- FortiExtender = 5.3.2
- 4.2.0 <= FortiExtender <= 4.2.4
- 4.1.1 <= FortiExtender <= 4.1.8
- 4.0.0 <= FortiExtender <= 4.0.2
- 3.3.0 <= FortiExtender <= 3.3.2
- 3.2.1 <= FortiExtender <= 3.2.3
- 3.1.0 <= FortiExtender <= 3.1.2
- 3.0.0 <= FortiExtender <= 3.0.2
- FortiNAC >= 9.4.1
- FortiNAC >= 9.2.6
- FortiNAC >= 9.1.8
- FortiNAC >= 7.2.0
- FortiWeb >= 7.0.0
- FortiWeb >= 6.3.17
- FortiWeb >= 6.2.7
- FortiWeb >= 6.1.3
- FortiWeb >= 6.0.8
- FortiADC >= 7.0.2
- FortiADC >= 6.2.4
- FortiExtender >= 7.2.0
- FortiExtender >= 7.0.4
- FortiExtender >= 4.2.5 (coming soon)
- FortiExtender >= 4.1.9 (coming soon)
- FortiExtender >= 4.0.3 (coming soon)
- FortiExtender >= 3.3.3
- FortiExtender >= 3.2.4
At present, a new version has been officially released to fix the above vulnerabilities. Please upgrade the affected users to the latest version for protection as soon as possible. The official download link:
|CVE No.||Fix version link|
Other products can refer to: https://www.fortiguard.com/psirt?date=02 -2023
Other protection suggestions
If relevant users are temporarily unable to upgrade, they can use the white list to restrict access to the affected system ports.
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.