How to Fix the New Security Bypass Vulnerabilities in Fortinet Products

Four medium-severity security flaws have been detected that affect multiple Fortinet devices. The vulnerabilities, tracked as CVE-2022-30307, CVE-2022-35842, CVE-2022-26122, and CVE-2022-38380, have CVSS scores of 3.8, 3.7, 4.3, and 4.2 respectively. As per the vendor, these vulnerabilities allow remote attackers to obtain sensitive information, bypass security restrictions, disclose information, and perform man-in-the-middle attacks on vulnerable Fortinet products. Since this flaw allows an unauthenticated, remote attacker to exploit this issue remotely and perform operations on the administrative interface, it is highly important to know how to fix the four new security bypass vulnerabilities in Fortinet products.

According to Fortigate, the most severe among these vulnerabilities is CVE-2022-38380. It’s been said, “When an unauthenticated, remote attacker exploits this vulnerability, he can bypass the AV engine by manipulating MIME attachments with junk and pad characters in base64.” This blog post explains all four new security bypass vulnerabilities in Fortinet products and the steps you can take to fix them.

A Short Intro About the FortiOS, FortiMail, and FortiClient

A Short Intro About the FortiOS

FortiOS is a security-focused operating system that is designed to work with Fortinet’s line of security appliances. These appliances include the FortiGate firewall, the FortiWeb web application firewall, and the FortiMail email gateway. The OS is based on a hardened Linux kernel and includes features such as intrusion detection and prevention, virtual private networking, and data leak prevention. FortiOS is also available as a virtual appliance for use in cloud environments.

A Short Intro About the FortiMail

The FortiMail is a security appliance that provides email gateway and filtering capabilities. It can be used to protect an organization’s email infrastructure from spam, malware, and other threats. The appliance can also be used to enforce email policies, such as content filtering and data leak prevention. The FortiMail includes a web-based management interface for administrators to configure and monitor the appliance. It is available in both hardware and virtual appliance form factors.

A Short Intro About the FortiClient

The FortiClient is an enterprise-class endpoint security software suite that provides a comprehensive and robust security solution for your business. It includes a firewall, antivirus, web filtering, application control, vulnerability scanning, and much more. The FortiClient is easy to deploy and manage, and it offers superior protection against threats.

The FortiClient suite is available in both on-premises and cloud-based versions. The on-premises version is installed on your company’s servers, while the cloud-based version is hosted by Fortinet. Both versions offer the same features and benefits.

Summary of the Four New Security Bypass Vulnerabilities in Fortinet Products:

Fortinet has released advisories for four new security bypass vulnerabilities in Fortinet products that allow remote attackers to obtain sensitive information, bypass security restrictions, disclose information, and perform man-in-the-middle attacks on the vulnerable Fortinet products. Let’s look at a summary of each of the four flaws in turn.

Summary of CVE-2022-30307 – RSA SSH host key lost at shutdown

This is a key management error vulnerability in Fortinet’s FortiOS affecting the RSA SSH host key. The flaw allows an unauthenticated attacker to perform a man-in-the-middle attack on the vulnerable products. The flaw affects FortiOS versions 6.4.9, 7.0.6, and 7.2.0.

Summary of CVE-2022-35842 – Telnet on the SSL-VPN interface results in information leak

The vulnerability exists in Fortinet FortiOS due to the exposure of sensitive information in FortiOS SSL-VPN. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to gain information about LDAP and SAML on the targeted system. The flaw affects FortiOS version 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, and 6.4.0.

Summary of CVE-2022-26122 – AV Engine evasion by manipulating MIME attachment

This vulnerability exists in Fortinet AV Engine due to insufficient verification of data authenticity. A remote attacker could exploit this vulnerability by manipulating MIME attachments with junk and pad characters in base64. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions on the targeted system. The flaw affects FortiOS, FortiMail, and FortiClient running AV engine version 6.2.168 and below and 6.4.274 and below.
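As a defensive illustration of the anomaly class named above, the following added example (not Fortinet's engine logic and not code from the advisory) flags base64-encoded MIME parts whose bodies contain characters outside the base64 alphabet or misplaced pad characters. The function names and the sample message are constructed for this example.

```python
import email
import re

def base64_anomalies(body):
    """Reasons a base64 body deviates from what a normal encoder emits."""
    compact = re.sub(r"\s+", "", body)  # line folding is legitimate
    reasons = []
    if re.search(r"[^A-Za-z0-9+/=]", compact):
        reasons.append("junk characters outside the base64 alphabet")
    if re.search(r"=[^=]", compact) or re.search(r"={3,}$", compact):
        reasons.append("pad character misplaced or repeated")
    if not reasons and len(compact) % 4:
        reasons.append("length not a multiple of 4")
    return reasons

def scan_message(raw):
    """Map attachment name -> anomalies for every base64-encoded MIME part."""
    findings = {}
    for part in email.message_from_string(raw).walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.is_multipart() or cte != "base64":
            continue
        reasons = base64_anomalies(part.get_payload())
        if reasons:
            findings[part.get_filename() or "(unnamed part)"] = reasons
    return findings

# Constructed sample message: one well-formed attachment, one malformed.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="clean.txt"
Content-Transfer-Encoding: base64

aGVsbG8g
d29ybGQ=
--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="odd.txt"
Content-Transfer-Encoding: base64

aGVs*bG8g=d29y#bGQ=
--BOUND--
"""

if __name__ == "__main__":
    for name, reasons in scan_message(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

Legitimate mail clients emit only alphabet characters, line breaks, and trailing padding, so a hit is a reasonable trigger for quarantine or manual review on a gateway that has not yet received the fixed AV engine.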

Summary of CVE-2022-38380 – Read-Only users able to modify the Interface fields using the API

This vulnerability exists in Fortinet FortiOS due to improper access control. A remote authenticated attacker could exploit this vulnerability by sending specially crafted requests. Successful exploitation of this vulnerability could allow an attacker to modify the interface settings via the API to bypass security restrictions on the targeted system. The flaw affects FortiOS: 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, and 7.0.0.

List of the Four New Security Bypass Vulnerabilities in Fortinet Products with the products affected and corresponding patched version.

| Sl. No. | CVE ID | CVSS Score | Description | Affected Products | Solution |
| --- | --- | --- | --- | --- | --- |
| 1 | CVE-2022-30307 | 3.8 Medium | RSA SSH host key lost at shutdown | FortiOS version 7.2.0; FortiOS version 7.0.6; FortiOS version 6.4.9 | Please upgrade to FortiOS version 7.2.2 or above; FortiOS version 7.0.8 or above; FortiOS version 6.4.10 or above |
| 2 | CVE-2022-35842 | 3.7 Medium | Telnet on the SSL-VPN interface results in information leak | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.6; FortiOS version 6.4.0 through 6.4.9 | Please upgrade to FortiOS version 7.2.2 or above; FortiOS version 7.0.7 or above; FortiOS version 6.4.10 or above |
| 3 | CVE-2022-26122 | 4.3 Medium | AV Engine evasion by manipulating MIME attachment | FortiOS running AV engine version 6.2.168 and below; FortiOS running AV engine version 6.4.274 and below; FortiMail running AV engine version 6.2.168 and below; FortiMail running AV engine version 6.4.274 and below; FortiClient running AV engine version 6.2.168 and below; FortiClient running AV engine version 6.4.274 and below | Please upgrade AV engine to version 6.2.169 or above; AV engine to version 6.4.275 or above; FortiMail version 7.2.0 or above; FortiMail version 7.0.3 or above; FortiMail version 6.4.7 or above; FortiOS version 7.0.8 or above; FortiOS version 7.2.2 or above |
| 4 | CVE-2022-38380 | 4.2 Medium | Read-Only users able to modify the Interface fields using the API | FortiOS version 7.2.0; FortiOS version 7.0.0 through 7.0.7 | Please upgrade to FortiOS version 7.2.1 or above; FortiOS version 7.0.8 or above |
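To apply the table to a fleet, the following added example (not code from Fortinet or from the original post) checks FortiOS versions against the affected ranges listed above and reports the lowest same-branch release that clears every applicable CVE. The hostnames and inventory are constructed, and CVE-2022-26122 is left out because it depends on the AV engine version rather than the FortiOS version.

```python
# Ranges and fixed versions are transcribed from the table above.
# CVE -> list of (first affected, last affected, fixed version), inclusive.
ADVISORIES = {
    "CVE-2022-30307": [("7.2.0", "7.2.0", "7.2.2"),
                       ("7.0.6", "7.0.6", "7.0.8"),
                       ("6.4.9", "6.4.9", "6.4.10")],
    "CVE-2022-35842": [("7.2.0", "7.2.0", "7.2.2"),
                       ("7.0.0", "7.0.6", "7.0.7"),
                       ("6.4.0", "6.4.9", "6.4.10")],
    "CVE-2022-38380": [("7.2.0", "7.2.0", "7.2.1"),
                       ("7.0.0", "7.0.7", "7.0.8")],
}

def parse(version):
    """'v7.0.6' -> (7, 0, 6). Tuples compare numerically, so 6.4.10 > 6.4.9."""
    return tuple(int(p) for p in version.strip().lstrip("v").split("."))

def assess(version):
    """Return (sorted applicable CVEs, lowest version that fixes all of them)."""
    v = parse(version)
    hits, target = [], None
    for cve, ranges in ADVISORIES.items():
        for first, last, fixed in ranges:
            if parse(first) <= v <= parse(last):
                hits.append(cve)
                # Keep the highest fix among the CVEs that apply to this branch.
                if target is None or parse(fixed) > parse(target):
                    target = fixed
    return sorted(hits), target

# Constructed inventory; hostnames are hypothetical.
INVENTORY = {"fw-branch-01": "6.4.5", "fw-dc-01": "7.0.6",
             "fw-dc-02": "7.0.7", "fw-lab-01": "7.2.0", "fw-hq-01": "7.0.8"}

def report(inventory):
    """Assess every host in a {hostname: FortiOS version} mapping."""
    return {host: assess(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (cves, target) in report(INVENTORY).items():
        status = f"upgrade to {target}+ ({', '.join(cves)})" if cves else "not affected"
        print(f"{host}: {status}")
```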

Fortinet Products Affected by the Four New Security Bypass Vulnerabilities:

Multiple products are affected by these four vulnerabilities. The previous section lists them per vulnerability; taken together, the following products are prone to these four new security bypass vulnerabilities.

  • FortiOS version 7.2.0
  • FortiOS version 7.0.0 through 7.0.7
  • FortiOS version 6.4.0 through 6.4.9
  • FortiOS running AV engine version 6.2.168 and below
  • FortiOS running AV engine version 6.4.274 and below
  • FortiMail running AV engine version 6.2.168 and below
  • FortiMail running AV engine version 6.4.274 and below
  • FortiClient running AV engine version 6.2.168 and below
  • FortiClient running AV engine version 6.4.274 and below

How to Fix the New Security Bypass Vulnerabilities in Fortinet Products?

Fortinet acknowledged the vulnerability by releasing the patch last week. All users of vulnerable versions of FortiOS, FortiMail, and FortiClient are advised to upgrade their appliances to:

  • FortiOS version 7.2.2 or above, 7.0.8 or above, and 6.4.10 or above.
  • FortiOS running AV engine version 6.2.169 or above and 6.4.275 or above.
  • FortiMail running AV engine version 7.2.0 or above, 7.0.3 or above, and 6.4.7 or above.
  • FortiClient running AV engine version 7.0.8 or above and 7.2.2 or above.

Refer to the table from the previous section.

Refer to these community forums to see how to upgrade FortiOS, FortiMail, and FortiClient.

How to Upgrade FortiOS?

If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image. For the recommended upgrade path, see Upgrade Path Tool.

Time needed: 15 minutes.


  1. Log in to the console as an administrator

    Log into the FortiGate GUI as the admin administrative user.

  2. Go to Fabric Management to see the Version info

    Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).

  3. Open the Upgrade pane

    Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.

  4. See the available upgrades

    Click All Upgrades. The available firmware versions are displayed.

  5. Select the target firmware, and see the upgrade options

    You can instruct FortiOS to follow the upgrade path (referred to as a federated upgrade) or upgrade directly to the selected firmware version. In this example, the target firmware is 7.2.0 build 1157(GA), and Follow upgrade path is selected. According to the upgrade path, the device can be automatically upgraded to v7.0.5 but not all the way to 7.2.0.

  6. Initiate the upgrade process

    Select Follow upgrade path, and click Confirm and Backup Config. Then click Continue to initiate the upgrade. The FortiGate will back up the current configuration, transfer it to the management computer, upload the firmware image file, upgrade the firmware, and finally reboot itself. This completes the upgrade of FortiOS.

We hope this post would help you know how to fix the four new security bypass vulnerabilities in Fortinet products.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
