Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest May 2023 Monthly PSIRT Advisory Report From Fortinet
November 28, 2023
|
5m

Breaking Down the Latest May 2023 Monthly PSIRT Advisory Report From Fortinet


Breaking Down The Latest May 2023 Monthly Psirt Advisory Report From Fortinet

Fortinet has recently released its May 2023 Monthly PSIRT Advisory Report, which we’ve covered in this detailed report. This report describes newly released security vulnerabilities affecting Fortinet products. We’ve also added a separate table in the report that describes all the products affected by these vulnerabilities.

Through this report, you will understand the severity of each vulnerability, the steps needed to mitigate the risks, and take the necessary actions to enhance the security structure against potential threats. 

Summary of May 2023 Monthly PSIRT Advisory Report

The Fortinet report released has the following key points: 

  1. The report listed 9 vulnerabilities, out of which none are critical, 2 are classified as High, 2 as Low, and 5 are classified as Medium. 

  2. The products affected by these 9 vulnerabilities include FortiADC, FortiOS, FortiProxy, and FortiNAC. 

  3. The fix for these vulnerabilities includes upgrading to the latest product version from the existing one. 

Vulnerabilities by Category

The May 2023 Monthly PSIRT Advisory Report presents 9 vulnerabilities affecting FortiADC, FortiOS, FortiProxy, and FortiNAC. Below is a table giving the overview of each vulnerability type identified in the report: 

Vulnerability TypeNumber of Occurrences 
Command injection 1
Path traversal 1
SSH Weak Key Exchange 1
Stored XSS triggering RCE 1
Weak authentication mechanism 1
Weak password hashing 1
Database hardcoded credentials1
Ppen redirect in default Url vulnerability 1
Out-of-bound-write vulnerability 1

Vulnerabilities by Product

Following is the table with all the products affected by the vulnerabilities 

Fortinet ProductNumber of Occurrence
FortiADC 2
FortiOS 1
FortiProxy1
FortiNAC 1

Comprehensive List of Vulnerabilities Patched in May 2023 Monthly PSIRT Advisory Report

CVETitle CVSSv3 ScoreSeverityProducts AffectedProduct Fixed
CVE-2023-27999FortiADC – Command injection in external resource module7.6High FortiADC version 7.2.0FortiADC version 7.1.0 through 7.1.1Upgrade to FortiADC version 7.2.1 or aboveUpgrade to FortiADC version 7.1.2 or above
CVE-2023-27993FortiADC – Path traversal vulnerability in CLI5.7MediumFortiADC version 7.2.0FortiADC version 7.1.0 through 7.1.1FortiADC 7.0 all versionsFortiADC 6.2 all versionsFortiADC 6.1 all versionsFortiADC 6.0 all versionsFortiADC 5.4 all versionsFortiADC 5.3 all versionsFortiADC 5.2 all versionsUpgrade to FortiADC version 7.2.1 or aboveUpgrade to FortiADC version 7.1.2 or above
CVE-2023-22637FortiNAC – Stored XSS triggering RCE via license key forgery5.9MediumFortiNAC-F version 7.2.0FortiNAC version 9.4.0 through 9.4.2FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsUpgrade to FortiNAC-F version 7.2.1 or aboveUpgrade to FortiNAC version 9.4.3 or above
CVE-2022-45858FortiNAC – SSH Weak Key Exchange Algorithm3.8Low At leastFortiNAC-F version 7.2.0FortiNAC version 9.4.0 through 9.4.1FortiNAC version 9.2.0 through 9.2.6FortiNAC version 9.1.0 through 9.1.8FortiNAC version 8.8.0 through 8.8.11FortiNAC version 8.7.0 through 8.7.6Upgrade to FortiNAC-F version 7.2.1 or aboveUpgrade to FortiNAC version 9.4.2 or aboveUpgrade to FortiNAC version 9.2.7 or above
CVE-2022-45860FortiNAC – Weak authentication mechanism on device registration page5Medium At leastFortiNAC-F version 7.2.0FortiNAC version 9.4.0 through 9.4.2FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsUpgrade to FortiNAC version 9.4.3 or aboveUpgrade to FortiNAC-F version 7.2.1 or above
CVE-2022-45859FortiNAC – Weak password hashing method in etc/shadow3.9Low At leastFortiNAC-F version 7.2.0FortiNAC version 9.4.0 through 9.4.1FortiNAC version 9.2.0 through 9.2.6FortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsUpgrade to FortiNAC-F version 7.2.1 or aboveUpgrade to FortiNAC version 9.4.2 or aboveUpgrade to FortiNAC version 9.2.7 or aboveAfter the upgrade, the CLI account password should be changed.
CVE-2023-26203FortiNAC – database hardcoded credentials6.1 Medium FortiNAC version 9.4.0 through 9.4.2FortiNAC-F version 7.2.0FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsUpgrade to FortiNAC version 9.4.3 or aboveUpgrade to FortiNAC-F version 7.2.1 or above
CVE-2022-43950FortiNAC – open redirect in defaultUrl parameter3.9Low At leastFortiNAC-F version 7.2.0FortiNAC version 9.4.0 through 9.4.1FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsUpgrade to FortiNAC version 9.4.2 or aboveUpgrade to FortiNAC-F version 7.2.1 or above
CVE-2023-22640FortiOS & FortiProxy – Out-of-bound-write in sslvpnd7.1HighFortiOS version 7.2.0 through 7.2.3FortiOS version 7.0.0 through 7.0.10FortiOS version 6.4.0 through 6.4.11FortiOS version 6.2.0 through 6.2.13FortiOS 6.0 all versionsFortiProxy version 7.2.0 through 7.2.1FortiProxy version 7.0.0 through 7.0.7FortiProxy all versions 2.0, 1.2, 1.1, 1.0Upgrade to FortiOS version 7.4.0 or aboveUpgrade to FortiOS version 7.2.4 or aboveUpgrade to FortiOS version 7.0.11 or aboveUpgrade to FortiOS version 6.4.12 or aboveUpgrade to FortiOS version 6.2.14 or aboveUpgrade to FortiProxy version 7.2.2 or aboveUpgrade to FortiProxy version 7.0.8 or above

This report presents complete detail about the May 2023 Monthly PSIRT Advisory Report Fortinet released on May 3, 2023. With this report you can stay up to date with all newly released vulnerabilities and the recommended steps to take to avoid getting affected by it. You can also share this post and contribute to making the digital world securer and protected. If you want to have more regular posts on topics like these, please visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, and Medium, and subscribe to our content.

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Report

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe