The Monthly PSIRT Advisories is a report that Fortinet's Product Security Incident Response Team (PSIRT) publishes every month. It lists the advisories for vulnerabilities resolved in Fortinet products. Given its importance, we have decided to publish a monthly breakdown of the Fortinet Monthly PSIRT Advisory Report on thesecmaster.com, starting with the February 2023 report; you will see the same breakdown for upcoming months on this website.
Fortinet released the February 2023 Monthly PSIRT Advisory Report early this week. Let’s see the summary of the report:
The report lists 40 vulnerabilities in total, of which 2 are classified as Critical, 15 as High, 22 as Medium, and 1 as Low in severity.
The two Critical vulnerabilities are CVE-2022-39952 and CVE-2021-42756. The first is an External Control of File Name or Path flaw in the keyUpload scriptlet in FortiNAC; the second is a stack-based buffer overflow in the Proxyd service in FortiWeb products.
The products affected by these 40 vulnerabilities include FortiWeb, FortiOS, FortiNAC, FortiProxy, FortiAnalyzer, FortiADC, FortiSandbox, FortiPortal, FortiWAN, FortiAuthenticator, FortiSwitch, FortiExtender, and FortiSwitchManager.
The 40 vulnerabilities fall into 16 different vulnerability types. Command injection is the most frequent type, appearing 7 times in the February 2023 Monthly PSIRT Advisory Report. Command injection is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server running an application, typically compromising the application and all of its data. Buffer overflow and cryptographic vulnerabilities are the next most frequent types, appearing 6 times each. Path traversal vulnerabilities appear 5 times, and cross-site scripting (XSS) vulnerabilities appear 4 times. The table below gives the number of occurrences of each vulnerability type in the February 2023 Monthly PSIRT Advisory Report.
Vulnerability Type | Number of Occurrences |
---|---|
Command injection | 7 |
Buffer overflows | 6 |
Cryptographic vulnerabilities | 6 |
Path traversal | 5 |
Cross-site scripting (XSS) | 4 |
Improper password storage | 2 |
Clear-text insertion of device passwords into audit log | 1 |
Format string bug in command line interpreter | 1 |
Memory corruption | 1 |
Improper access control | 1 |
Improper management vulnerability | 1 |
Unauthorized configuration download | 1 |
XML External Entities (XXE) | 1 |
Arbitrary file write | 1 |
HTTP response splitting | 1 |
Double free | 1 |
The table below breaks the vulnerabilities down by Fortinet product. A CVE that affects several products (for example CVE-2021-43074, which affects FortiOS, FortiWeb, FortiProxy and FortiSwitch) is counted once per product, so the column sums to more than 40.
Fortinet Product | Number of Occurrences |
---|---|
FortiWeb | 19 |
FortiOS | 8 |
FortiNAC | 8 |
FortiProxy | 6 |
FortiAnalyzer | 1 |
FortiADC | 1 |
FortiSandbox | 1 |
FortiPortal | 1 |
FortiWAN | 1 |
FortiAuthenticator | 1 |
FortiSwitch | 1 |
FortiExtender | 1 |
FortiSwitchManager | 1 |
The severity of each vulnerability is expressed as a CVSS score. CVSS is a scale from 0 to 10, where 0 is the least severe and 10 the most severe. Every vulnerability is assigned a score between 0.0 and 10.0 based on several factors, including the attack vector, the attack complexity, and the impact on confidentiality, integrity, and availability. Vulnerabilities with a CVSS score between 0 and 4 are labeled 'Low' severity, those between 4 and 7 'Medium', those between 7 and 8 'High', and those between 9 and 10 'Critical'.
The below table lists the vulnerabilities considered Critical in severity.
CVE ID | Vulnerability | Vulnerable Product/Application | Solution |
---|---|---|---|
CVE-2022-39952 | External Control of File Name or Path in keyUpload scriptlet in FortiNAC | FortiNAC version 9.4.0; FortiNAC version 9.2.0 through 9.2.5; FortiNAC version 9.1.0 through 9.1.7; FortiNAC 8.8 all versions; FortiNAC 8.7 all versions; FortiNAC 8.6 all versions; FortiNAC 8.5 all versions; FortiNAC 8.3 all versions | Please upgrade to FortiNAC version 9.4.1 or above; Please upgrade to FortiNAC version 9.2.6 or above; Please upgrade to FortiNAC version 9.1.8 or above; Please upgrade to FortiNAC version 7.2.0 or above |
CVE-2021-42756 | Stack-based buffer overflows in Proxyd in FortiWeb | FortiWeb versions 5.x all versions; FortiWeb versions 6.0.7 and below; FortiWeb versions 6.1.2 and below; FortiWeb versions 6.2.6 and below; FortiWeb versions 6.3.16 and below; FortiWeb version 6.4 all versions | Upgrade to FortiWeb 7.0.0 or above; Upgrade to FortiWeb 6.3.17 or above; Upgrade to FortiWeb 6.2.7 or above; Upgrade to FortiWeb 6.1.3 or above; Upgrade to FortiWeb 6.0.8 or above |
We have split the list into one table per product. The complete official list is available on Fortinet's PSIRT advisories page.
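The "Products Affected" cells in these tables use three phrasings: "version X through Y", "versions X and below" (or "and earlier"), and "N.N all versions". The following is an added example, not code from this post or from Fortinet, that parses those phrasings and answers the two questions a defender has when reading a row: is my installed build affected, and which fixed version should I move to? The two sample rows are copied from the CVE-2023-23777 and CVE-2021-42756 entries below; the installed versions queried are constructed. The interpretation that "X and below" means "within the X.Y branch, up to and including X" is an assumption, taken from the way the report lists each branch separately.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# One affected-version clause from a "Products Affected" cell.
# Exactly one of (lo, hi), max, branch or single is set per match.
RANGE_RE = re.compile(
    r"(?P<product>Forti[A-Za-z]+(?:-F)?)\s+(?:"
    r"versions?\s+(?P<lo>\d+(?:\.\d+)*)\s+through\s+(?P<hi>\d+(?:\.\d+)*)"
    r"|versions?\s+(?P<max>\d+(?:\.\d+)*)\s+and\s+(?:below|earlier)"
    r"|(?:versions?\s+)?(?P<branch>\d+(?:\.\d+)*)(?:\.x)?\s+all\s+versions"
    r"|versions?\s+(?P<single>\d+(?:\.\d+)*)(?=\s+Forti|\s*[.,;]|\s*$)"
    r")"
)
# One "upgrade to <product> [version] X.Y.Z or above" clause from a "Products Fixed" cell.
FIX_RE = re.compile(
    r"(?P<product>Forti[A-Za-z]+(?:-F)?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)\s+or\s+above"
)


def parse_version(s: str) -> Version:
    """'6.3.16' -> (6, 3, 16); tuples compare correctly even with mixed lengths."""
    return tuple(int(p) for p in s.split("."))


def affected_clause(cell: str, product: str, version: str) -> Optional[str]:
    """Return the clause of `cell` that covers (product, version), or None."""
    v = parse_version(version)
    for m in RANGE_RE.finditer(cell):
        if m.group("product") != product:
            continue
        if m.group("lo") is not None:
            hit = parse_version(m.group("lo")) <= v <= parse_version(m.group("hi"))
        elif m.group("max") is not None:
            mx = parse_version(m.group("max"))
            hit = v[:2] == mx[:2] and v <= mx  # assumption: "and below" within that branch
        elif m.group("branch") is not None:
            b = parse_version(m.group("branch"))
            hit = v[:len(b)] == b
        else:
            hit = v == parse_version(m.group("single"))
        if hit:
            return m.group(0)
    return None


def recommended_fix(fix_cell: str, product: str, version: str) -> Optional[str]:
    """Prefer the fix in the running major.minor branch; otherwise the lowest
    fixed version above the running one. None if nothing higher is listed."""
    v = parse_version(version)
    fixes = sorted(parse_version(m.group("ver")) for m in FIX_RE.finditer(fix_cell)
                   if m.group("product") == product)
    same_branch = [f for f in fixes if f[:2] == v[:2] and f > v]
    higher = [f for f in fixes if f > v]
    chosen = (same_branch or higher or [None])[0]
    return ".".join(map(str, chosen)) if chosen else None


def triage(row: dict, product: str, version: str) -> dict:
    """Combine both checks for one advisory row and one installed build."""
    clause = affected_clause(row["affected"], product, version)
    return {
        "cve": row["cve"],
        "affected": clause is not None,
        "matched_clause": clause,
        "upgrade_to": recommended_fix(row["fixed"], product, version) if clause else None,
    }


# Sample rows copied from the FortiWeb table in this post.
ROWS = [
    {"cve": "CVE-2023-23777",
     "affected": "FortiWeb version 7.0.0 through 7.0.1 FortiWeb version 6.3.6 through 6.3.18 "
                 "FortiWeb 6.4 all versions",
     "fixed": "Please upgrade to FortiWeb version 7.0.2 or above "
              "Please upgrade to FortiWeb version 6.3.19 or above"},
    {"cve": "CVE-2021-42756",
     "affected": "FortiWeb versions 5.x all versions, FortiWeb versions 6.0.7 and below, "
                 "FortiWeb versions 6.1.2 and below, FortiWeb versions 6.2.6 and below, "
                 "FortiWeb versions 6.3.16 and below, FortiWeb versions 6.4 all versions.",
     "fixed": "Upgrade to FortiWeb 7.0.0 or above, Upgrade to FortiWeb 6.3.17 or above, "
              "Upgrade to FortiWeb 6.2.7 or above. Upgrade to FortiWeb 6.1.3 or above. "
              "Upgrade to FortiWeb 6.0.8 or above."},
]

if __name__ == "__main__":
    # Constructed installed builds, not real inventory data.
    for build in ("7.0.1", "6.3.5", "6.4.3", "6.3.16", "6.3.17"):
        for row in ROWS:
            print(build, triage(row, "FortiWeb", build))
```

Note that for a FortiWeb 6.4.x build the CVE-2023-23777 row lists no 6.4 fix at all, so the function falls through to the next branch that has one (7.0.2); that matches how these advisories are meant to be read, since an "all versions" branch is only remediated by leaving it.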
FortiWeb Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2021-43074 | Padding oracle in cookie encryption in FortiOS, FortiWeb, FortiProxy and FortiSwitch | 4.1 | Medium | FortiOS versions 7.0.3 and below; FortiOS versions 6.4.8 and below; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiWeb 6.4 all versions; FortiWeb versions 6.3.16 and below; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions; FortiProxy versions 7.0.1 and below; FortiProxy versions 2.0.7 and below; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiProxy 1.0 all versions; FortiSwitch versions 7.0.3 and below; FortiSwitch versions 6.4.10 and below; FortiSwitch 6.2 all versions; FortiSwitch 6.0 all versions | Upgrade to FortiOS version 7.0.4 or above; Upgrade to FortiOS version 6.4.9 or above; Upgrade to FortiWeb version 7.0.0 or above; Upgrade to FortiWeb version 6.3.17 or above; Upgrade to FortiProxy version 7.0.2 or above; Upgrade to FortiProxy version 2.0.8 or above; Upgrade to FortiSwitch version 7.2.0 or above; Upgrade to FortiSwitch version 7.0.4 or above; Upgrade to FortiSwitch version 6.4.11 or above |
CVE-2022-30306 | Buffer overflow in CA sign function in FortiWeb | 6.3 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2022-33871 | Buffer overflow in execute backup-local command in FortiWeb | 6.3 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2023-23777 | Command injection in CLI backup functionality in FortiWeb | 7.2 | High | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.18; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.19 or above |
CVE-2022-40683 | Double free in pipe management in FortiWeb | 7.1 | High | FortiWeb version 7.0.0 through 7.0.3 | Please upgrade to FortiWeb version 7.2.0 or above; Please upgrade to FortiWeb version 7.0.4 or above |
CVE-2023-23782 | Heap-based overflow in CLI in FortiWeb | 7.1 | High | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.0 through 6.3.19; FortiWeb 6.4 all versions; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions | Upgrade to FortiWeb 7.0.2 or above; Upgrade to FortiWeb 6.3.20 or above |
CVE-2023-23779 | Multiple OS command injection in FortiWeb | 6.6 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2023-23780 | Multiple stack-based buffer overflows in web interface in FortiWeb | 7.6 | High | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2022-30303 | OS command injection in Web GUI in FortiWeb | 8.6 | High | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.0 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2023-23784 | Path traversal in API controller in FortiWeb | 5.6 | Medium | FortiWeb version 7.0.0 through 7.0.2; FortiWeb version 6.3.6 through 6.3.20; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.3 or above; Please upgrade to FortiWeb version 6.3.21 or above |
CVE-2022-30300 | Path traversal in API handler in FortiWeb | 6.2 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.18; FortiWeb 6.4 all versions | Upgrade FortiWeb to version 7.0.2 and above; Upgrade FortiWeb to version 6.3.19 and above |
CVE-2023-23778 | Path traversal via browse report CGI component in FortiWeb | 4.7 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb 6.2 all versions; FortiWeb 6.4 all versions; FortiWeb 6.3 all versions | Please upgrade to FortiWeb version 7.0.2 or above |
CVE-2022-30299 | Relative path traversal in web API in FortiWeb | 5 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.0 through 6.3.19; FortiWeb 6.4 all versions; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2023-23781 | Stack-based buffer overflow in SAML management in FortiWeb | 6.1 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb version 6.3.6 through 6.3.19; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above; Please upgrade to FortiWeb version 6.3.20 or above |
CVE-2023-25602 | Stack-based buffer overflow in command line interpreter in FortiWeb | 7.4 | High | FortiWeb 6.4 all versions; FortiWeb versions 6.3.17 and earlier; FortiWeb versions 6.2.6 and earlier; FortiWeb versions 6.1.2 and earlier; FortiWeb versions 6.0.7 and earlier; FortiWeb versions 5.9.1 and earlier; FortiWeb 5.8 all versions; FortiWeb 5.7 all versions; FortiWeb 5.6 all versions | Please upgrade to FortiWeb version 7.0.0 or above; Please upgrade to FortiWeb version 6.3.18 or above; Please upgrade to FortiWeb version 6.2.7 or above; Please upgrade to FortiWeb version 6.1.3 or above; Please upgrade to FortiWeb version 6.0.8 or above; Please upgrade to FortiWeb version 5.9.2 or above |
CVE-2021-42756 | Stack-based buffer overflows in Proxyd in FortiWeb | 9.3 | Critical | FortiWeb versions 5.x all versions; FortiWeb versions 6.0.7 and below; FortiWeb versions 6.1.2 and below; FortiWeb versions 6.2.6 and below; FortiWeb versions 6.3.16 and below; FortiWeb versions 6.4 all versions | Upgrade to FortiWeb 7.0.0 or above; Upgrade to FortiWeb 6.3.17 or above; Upgrade to FortiWeb 6.2.7 or above; Upgrade to FortiWeb 6.1.3 or above; Upgrade to FortiWeb 6.0.8 or above |
CVE-2023-22636 | Unauthorized configuration download vulnerability in FortiWeb | 6.6 | Medium | FortiWeb version 7.0.0 through 7.0.4; FortiWeb version 6.4.0 through 6.4.2; FortiWeb version 6.3.6 through 6.3.21 | Please upgrade to FortiWeb version 7.0.5 or above; Please upgrade to FortiWeb version 7.2.0 or above |
CVE-2021-42761 | Weak generation of WAF session IDs leads to session fixation in FortiWeb | 8.5 | High | FortiWeb 5.6 all versions; FortiWeb 5.7 all versions; FortiWeb 5.8 all versions; FortiWeb versions 5.9.1 and below; FortiWeb versions 6.0.7 and below; FortiWeb versions 6.1.2 and below; FortiWeb versions 6.2.6 and below; FortiWeb versions 6.3.16 and below; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.0 or above; Please upgrade to FortiWeb version 6.3.17 or above; Please upgrade to FortiWeb version 6.2.7 or above; Please upgrade to FortiWeb version 6.1.3 or above; Please upgrade to FortiWeb version 6.0.8 or above; Please upgrade to FortiWeb version 5.9.2 or above |
CVE-2023-23783 | Format string vulnerability in the CLI in FortiWeb | 6.5 | Medium | FortiWeb version 7.0.0 through 7.0.1; FortiWeb 6.4 all versions | Please upgrade to FortiWeb version 7.0.2 or above |
FortiOS Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-38378 | Ability to modify privileges from Custom to Read-Write in FortiOS & FortiProxy | 4 | Medium | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.7; FortiOS 6.4 all versions; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy 2.0 all versions; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions | Please upgrade to FortiOS version 7.2.1 or above; Please upgrade to FortiOS version 7.0.8 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above |
CVE-2022-39948 | Lack of certificate verification when establishing secure connections with threat feed fabric connectors in FortiOS & FortiProxy | 4.4 | Medium | FortiProxy version 7.0.0 through 7.0.6; FortiProxy version 2.0 all versions; FortiProxy version 1.2 all versions; FortiOS version 7.2.0 through 7.2.3; FortiOS version 7.0.0 through 7.0.7; FortiOS version 6.4 all versions; FortiOS version 6.2 all versions; FortiOS version 6.0 all versions | Please upgrade to FortiProxy version 7.2.0 or above; Please upgrade to FortiProxy version 7.0.7 or above; Please upgrade to FortiOS version 7.2.4 or above; Please upgrade to FortiOS version 7.0.8 or above |
CVE-2022-42472 | Header injection in proxy login page in FortiOS & FortiProxy | 4 | Medium | FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0.0 through 2.0.10; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiOS version 7.2.0 through 7.2.2; FortiOS version 7.0.0 through 7.0.8; FortiOS 6.4 all versions; FortiOS 6.2 all versions; FortiOS 6.0 all versions | Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above; Please upgrade to FortiProxy version 2.0.11 or above; Please upgrade to FortiOS version 7.2.3 or above; Please upgrade to FortiOS version 7.0.9 or above |
CVE-2022-41334 | XSS vulnerability in the Login page when FortiCloud Sign-in is used in FortiOS | 8.6 | High | FortiOS version 7.2.0 through 7.2.3; FortiOS version 7.0.0 through 7.0.7 | Please upgrade to FortiOS version 7.2.4 or above; Please upgrade to FortiOS version 7.0.8 or above |
CVE-2022-29054 | Flaws over DHCP and DNS keys encryption scheme in FortiOS / FortiProxy | 3.1 | Low | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.7; FortiOS version 6.4 all versions; FortiOS version 6.2 all versions; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0 all versions; FortiProxy version 1.2 all versions; FortiProxy version 1.1 all versions | Please upgrade to FortiOS version 7.2.1 or above; Please upgrade to FortiOS version 7.0.8 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above |
CVE-2021-43074 | Padding oracle in cookie encryption in FortiOS, FortiWeb, FortiProxy and FortiSwitch | 4.1 | Medium | FortiOS versions 7.0.3 and below; FortiOS versions 6.4.8 and below; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiWeb 6.4 all versions; FortiWeb versions 6.3.16 and below; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions; FortiProxy versions 7.0.1 and below; FortiProxy versions 2.0.7 and below; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiProxy 1.0 all versions; FortiSwitch versions 7.0.3 and below; FortiSwitch versions 6.4.10 and below; FortiSwitch 6.2 all versions; FortiSwitch 6.0 all versions | Upgrade to FortiOS version 7.0.4 or above; Upgrade to FortiOS version 6.4.9 or above; Upgrade to FortiWeb version 7.0.0 or above; Upgrade to FortiWeb version 6.3.17 or above; Upgrade to FortiProxy version 7.0.2 or above; Upgrade to FortiProxy version 2.0.8 or above; Upgrade to FortiSwitch version 7.2.0 or above; Upgrade to FortiSwitch version 7.0.4 or above; Upgrade to FortiSwitch version 6.4.11 or above |
CVE-2022-22302 | Disclosure of private keys corresponding to Apple (APNS) and Google (GCM) certificates in FortiOS, FortiAuthenticator | 5.3 | Medium | FortiOS version 6.4.0 through 6.4.1; FortiOS version 6.2.0 through 6.2.9; FortiOS version 6.0.0 through 6.0.13; FortiAuthenticator version 6.1.0; FortiAuthenticator version 6.0.0 through 6.0.4; FortiAuthenticator 5.5 all versions | Please upgrade to FortiGate version 6.4.2 or above; Please upgrade to FortiOS version 6.2.10 or above; Please upgrade to FortiOS version 6.0.14 or above; Please upgrade to FortiAuthenticator version 6.2.0 or above; Please upgrade to FortiAuthenticator version 6.1.1 or above; Please upgrade to FortiAuthenticator version 6.0.5 or above. Workaround in FortiOS: disable the FTM push service with the CLI commands `config system ftm-push`, `set status disable`, `end` |
CVE-2022-41335 | Arbitrary read/write vulnerability in administrative interface in FortiOS, FortiProxy & FortiSwitchManager | 8.6 | High | FortiOS version 7.2.0 through 7.2.2; FortiOS version 7.0.0 through 7.0.8; FortiOS version 6.4.0 through 6.4.10; FortiOS version 6.2.0 through 6.2.12; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0.0 through 2.0.10; FortiProxy version 1.2 all versions; FortiProxy version 1.1 all versions; FortiSwitchManager version 7.2.0; FortiSwitchManager version 7.0.0 | Please upgrade to FortiOS version 7.2.3 or above; Please upgrade to FortiOS version 7.0.9 or above; Please upgrade to FortiOS version 6.4.11 or above; Please upgrade to FortiOS version 6.2.13 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above; Please upgrade to FortiProxy version 2.0.11 or above; Please upgrade to FortiSwitchManager version 7.2.1 or above; Please upgrade to FortiSwitchManager version 7.0.1 or above |
FortiNAC Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-39952 | External Control of File Name or Path in keyUpload scriptlet in FortiNAC | 9.8 | Critical | FortiNAC version 9.4.0; FortiNAC version 9.2.0 through 9.2.5; FortiNAC version 9.1.0 through 9.1.7; FortiNAC 8.8 all versions; FortiNAC 8.7 all versions; FortiNAC 8.6 all versions; FortiNAC 8.5 all versions; FortiNAC 8.3 all versions | Please upgrade to FortiNAC version 9.4.1 or above; Please upgrade to FortiNAC version 9.2.6 or above; Please upgrade to FortiNAC version 9.1.8 or above; Please upgrade to FortiNAC version 7.2.0 or above |
CVE-2022-40677 | Multiple command injections in webserver in FortiNAC | 7.2 | High | FortiNAC version 9.4.0; FortiNAC version 9.2.0 through 9.2.5; FortiNAC version 9.1.0 through 9.1.7; FortiNAC 8.8, 8.7, 8.6, 8.5, 8.3 all versions | Please upgrade to FortiNAC version 9.4.1 or above; Please upgrade to FortiNAC version 9.2.6 or above; Please upgrade to FortiNAC version 9.1.8 or above; Please upgrade to FortiNAC version 7.2.0 or above |
CVE-2023-22638 | Multiple Stored and Reflected XSS in FortiNAC | 6.7 | Medium | Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. | Please upgrade to FortiNAC-F version 7.2.0 or above; Please upgrade to FortiNAC version 9.4.2 or above |
CVE-2022-39954 | Multiple XML external entity (XXE) injection in FortiNAC | 6.9 | Medium | FortiNAC version 9.4.0 through 9.4.1; FortiNAC 9.2, 9.1, 8.8, 8.7, 8.6, 8.5, 8.3 all versions | Please upgrade to FortiNAC version 9.4.2 or above; Please upgrade to FortiNAC version 7.2.0 or above |
CVE-2022-38376 | Multiple reflected cross-site scripting vulnerabilities in portal UI in FortiNAC | 5.8 | Medium | FortiNAC version 9.4.0 through 9.4.1; FortiNAC 9.2 all versions; FortiNAC 9.1 all versions; FortiNAC 8.8 all versions; FortiNAC 8.7 all versions; FortiNAC 8.6 all versions | Please upgrade to FortiNAC version 7.2F or above; Please upgrade to FortiNAC version 9.4.2 or above |
CVE-2022-38375 | Unauthenticated access to administrative operations in FortiNAC | 8.6 | High | FortiNAC version 9.4.0 through 9.4.1; FortiNAC version 9.2.0 through 9.2.6 | Please upgrade to FortiNAC-F version 7.2.0 or above; Please upgrade to FortiNAC version 9.4.2 or above; Please upgrade to FortiNAC version 9.2.7 or above |
CVE-2022-40678 | Weak password storage in FortiNAC | 7.4 | High | FortiNAC version 9.4.0; FortiNAC version 9.2.0 through 9.2.5; FortiNAC version 9.1.0 through 9.1.7; FortiNAC 8.8 all versions; FortiNAC 8.7 all versions; FortiNAC 8.6 all versions; FortiNAC 8.5 all versions; FortiNAC 8.3 all versions | Please upgrade to FortiNAC-F version 7.2.0 or above; Please upgrade to FortiNAC version 9.4.1 or above; Please upgrade to FortiNAC version 9.2.6 or above; Please upgrade to FortiNAC version 9.1.8 or above |
CVE-2022-40675 | Wrong use of cryptographic primitives in FortiNAC | 6 | Medium | FortiNAC version 9.4.0 through 9.4.1; FortiNAC 9.2 all versions; FortiNAC 9.1 all versions; FortiNAC 8.8 all versions; FortiNAC 8.7 all versions; FortiNAC 8.6 all versions; FortiNAC 8.5 all versions; FortiNAC 8.3 all versions | Please upgrade to FortiNAC version 9.4.2 or above; Please upgrade to FortiNAC version 7.2.0 or above |
FortiProxy Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-38378 | Ability to modify privileges from Custom to Read-Write in FortiOS & FortiProxy | 4 | Medium | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.7; FortiOS 6.4 all versions; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy 2.0 all versions; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions | Please upgrade to FortiOS version 7.2.1 or above; Please upgrade to FortiOS version 7.0.8 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above |
CVE-2022-39948 | Lack of certificate verification when establishing secure connections with threat feed fabric connectors | 4.4 | Medium | FortiProxy version 7.0.0 through 7.0.6; FortiProxy version 2.0 all versions; FortiProxy version 1.2 all versions; FortiOS version 7.2.0 through 7.2.3; FortiOS version 7.0.0 through 7.0.7; FortiOS version 6.4 all versions; FortiOS version 6.2 all versions; FortiOS version 6.0 all versions | Please upgrade to FortiProxy version 7.2.0 or above; Please upgrade to FortiProxy version 7.0.7 or above; Please upgrade to FortiOS version 7.2.4 or above; Please upgrade to FortiOS version 7.0.8 or above |
CVE-2022-42472 | Header injection in proxy login page in FortiOS & FortiProxy | 4 | Medium | FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0.0 through 2.0.10; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiOS version 7.2.0 through 7.2.2; FortiOS version 7.0.0 through 7.0.8; FortiOS 6.4 all versions; FortiOS 6.2 all versions; FortiOS 6.0 all versions | Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above; Please upgrade to FortiProxy version 2.0.11 or above; Please upgrade to FortiOS version 7.2.3 or above; Please upgrade to FortiOS version 7.0.9 or above |
CVE-2022-29054 | Flaws over DHCP and DNS keys encryption scheme in FortiOS / FortiProxy | 3.1 | Low | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.7; FortiOS version 6.4 all versions; FortiOS version 6.2 all versions; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0 all versions; FortiProxy version 1.2 all versions; FortiProxy version 1.1 all versions | Please upgrade to FortiOS version 7.2.1 or above; Please upgrade to FortiOS version 7.0.8 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above |
CVE-2021-43074 | Padding oracle in cookie encryption in FortiOS, FortiWeb, FortiProxy and FortiSwitch | 4.1 | Medium | FortiOS versions 7.0.3 and below; FortiOS versions 6.4.8 and below; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiWeb 6.4 all versions; FortiWeb versions 6.3.16 and below; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions; FortiProxy versions 7.0.1 and below; FortiProxy versions 2.0.7 and below; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiProxy 1.0 all versions; FortiSwitch versions 7.0.3 and below; FortiSwitch versions 6.4.10 and below; FortiSwitch 6.2 all versions; FortiSwitch 6.0 all versions | Upgrade to FortiOS version 7.0.4 or above; Upgrade to FortiOS version 6.4.9 or above; Upgrade to FortiWeb version 7.0.0 or above; Upgrade to FortiWeb version 6.3.17 or above; Upgrade to FortiProxy version 7.0.2 or above; Upgrade to FortiProxy version 2.0.8 or above; Upgrade to FortiSwitch version 7.2.0 or above; Upgrade to FortiSwitch version 7.0.4 or above; Upgrade to FortiSwitch version 6.4.11 or above |
CVE-2022-41335 | Arbitrary read/write vulnerability in administrative interface in FortiOS, FortiProxy & FortiSwitchManager | 8.6 | High | FortiOS version 7.2.0 through 7.2.2; FortiOS version 7.0.0 through 7.0.8; FortiOS version 6.4.0 through 6.4.10; FortiOS version 6.2.0 through 6.2.12; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0.0 through 2.0.10; FortiProxy version 1.2 all versions; FortiProxy version 1.1 all versions; FortiSwitchManager version 7.2.0; FortiSwitchManager version 7.0.0 | Please upgrade to FortiOS version 7.2.3 or above; Please upgrade to FortiOS version 7.0.9 or above; Please upgrade to FortiOS version 6.4.11 or above; Please upgrade to FortiOS version 6.2.13 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above; Please upgrade to FortiProxy version 2.0.11 or above; Please upgrade to FortiSwitchManager version 7.2.1 or above; Please upgrade to FortiSwitchManager version 7.0.1 or above |
FortiAnalyzer Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-30304 | XSS vulnerability due to AngularJS client-side template injection in FortiAnalyzer | 6.5 | Medium | FortiAnalyzer version 7.2.0 through 7.2.1; FortiAnalyzer version 7.0.0 through 7.0.4; FortiAnalyzer version 6.4.0 through 6.4.8; FortiAnalyzer version 6.2.0 through 6.2.9; FortiAnalyzer version 6.0.0 through 6.0.11 | Please upgrade to FortiAnalyzer version 7.2.2 or above; Please upgrade to FortiAnalyzer version 7.0.5 or above; Please upgrade to FortiAnalyzer version 6.4.9 or above |
FortiADC Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-27482 | OS command injection vulnerability in CLI in FortiADC | 7.4 | High | At least FortiADC version 7.0.0 through 7.0.1; FortiADC version 6.2.0 through 6.2.3; FortiADC 6.1 all versions; FortiADC 6.0 all versions; FortiADC 5.4 all versions; FortiADC 5.3 all versions; FortiADC 5.2 all versions; FortiADC 5.1 all versions; FortiADC 5.0 all versions | Please upgrade to FortiADC version 7.0.2 or above; Please upgrade to FortiADC version 6.2.4 or above |
FortiSandbox Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-26115 | Improper password storage mechanism in FortiSandbox | 5.4 | Medium | FortiSandbox version 4.0.0 through 4.0.2; FortiSandbox version 3.2.0 through 3.2.3 | Upgrade to FortiSandbox version 4.2.0 and above |
FortiPortal Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-43954 | Device password exposure in audit log in FortiPortal | 4.1 | Medium | FortiPortal version 7.0.0 through 7.0.2 | Please upgrade to FortiPortal version 7.0.3 or above. |
FortiWAN Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-33869 | Command injection vulnerability in FortiWAN | 8 | High | FortiWAN version 4.5.0 through 4.5.9; FortiWAN version 4.4.0 through 4.4.1; FortiWAN version 4.3.0 through 4.3.1; FortiWAN version 4.2.5 through 4.2.7; FortiWAN version 4.2.1 through 4.2.2; FortiWAN version 4.1.1 through 4.1.3; FortiWAN version 4.0.0 through 4.0.6 | Please upgrade to FortiWAN version 4.5.10 or above |
FortiAuthenticator Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-22302 | Disclosure of private keys corresponding to Apple (APNS) and Google (GCM) certificates in FortiOS, FortiAuthenticator | 5.3 | Medium | FortiOS version 6.4.0 through 6.4.1; FortiOS version 6.2.0 through 6.2.9; FortiOS version 6.0.0 through 6.0.13; FortiAuthenticator version 6.1.0; FortiAuthenticator version 6.0.0 through 6.0.4; FortiAuthenticator 5.5 all versions | Please upgrade to FortiGate version 6.4.2 or above; Please upgrade to FortiOS version 6.2.10 or above; Please upgrade to FortiOS version 6.0.14 or above; Please upgrade to FortiAuthenticator version 6.2.0 or above; Please upgrade to FortiAuthenticator version 6.1.1 or above; Please upgrade to FortiAuthenticator version 6.0.5 or above. Workaround in FortiOS: disable the FTM push service with the CLI commands `config system ftm-push`, `set status disable`, `end` |
FortiSwitch Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2021-43074 | Padding oracle in cookie encryption in FortiOS, FortiWeb, FortiProxy and FortiSwitch | 4.1 | Medium | FortiOS versions 7.0.3 and below; FortiOS versions 6.4.8 and below; FortiOS 6.2 all versions; FortiOS 6.0 all versions; FortiWeb 6.4 all versions; FortiWeb versions 6.3.16 and below; FortiWeb 6.2 all versions; FortiWeb 6.1 all versions; FortiWeb 6.0 all versions; FortiProxy versions 7.0.1 and below; FortiProxy versions 2.0.7 and below; FortiProxy 1.2 all versions; FortiProxy 1.1 all versions; FortiProxy 1.0 all versions; FortiSwitch versions 7.0.3 and below; FortiSwitch versions 6.4.10 and below; FortiSwitch 6.2 all versions; FortiSwitch 6.0 all versions | Upgrade to FortiOS version 7.0.4 or above; Upgrade to FortiOS version 6.4.9 or above; Upgrade to FortiWeb version 7.0.0 or above; Upgrade to FortiWeb version 6.3.17 or above; Upgrade to FortiProxy version 7.0.2 or above; Upgrade to FortiProxy version 2.0.8 or above; Upgrade to FortiSwitch version 7.2.0 or above; Upgrade to FortiSwitch version 7.0.4 or above; Upgrade to FortiSwitch version 6.4.11 or above |
FortiSwitchManager Vulnerabilities
CVE | Title | CVSSv3 Score | Severity | Products Affected | Products Fixed |
---|---|---|---|---|---|
CVE-2022-41335 | Arbitrary read/write vulnerability in administrative interface in FortiOS, FortiProxy & FortiSwitchManager | 8.6 | High | FortiOS version 7.2.0 through 7.2.2; FortiOS version 7.0.0 through 7.0.8; FortiOS version 6.4.0 through 6.4.10; FortiOS version 6.2.0 through 6.2.12; FortiProxy version 7.2.0 through 7.2.1; FortiProxy version 7.0.0 through 7.0.7; FortiProxy version 2.0.0 through 2.0.10; FortiProxy version 1.2 all versions; FortiProxy version 1.1 all versions; FortiSwitchManager version 7.2.0; FortiSwitchManager version 7.0.0 | Please upgrade to FortiOS version 7.2.3 or above; Please upgrade to FortiOS version 7.0.9 or above; Please upgrade to FortiOS version 6.4.11 or above; Please upgrade to FortiOS version 6.2.13 or above; Please upgrade to FortiProxy version 7.2.2 or above; Please upgrade to FortiProxy version 7.0.8 or above; Please upgrade to FortiProxy version 2.0.11 or above; Please upgrade to FortiSwitchManager version 7.2.1 or above; Please upgrade to FortiSwitchManager version 7.0.1 or above |
We hope this post helps you understand the February 2023 Monthly PSIRT Advisory Report published by Fortinet on 16th February 2023.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.