How to Fix the New Security Bypass Vulnerabilities in Fortinet Products

Four Medium-severity security flaws have been detected that affect multiple Fortinet Networks devices. The vulnerabilities tracked under CVE identifiers CVE-2022-30307, CVE-2022-35842, CVE-2022-26122, and CVE-2022-38380 are medium-severity vulnerabilities with CVSS scores of 3.8, 3.7, 4.3, and 4.2 on the CVSS scale. As per the vendor, these vulnerabilities allow remote attackers to obtain sensitive information, bypass security restrictions, information discloser, and perform man-in-the-middle attacks on vulnerable Fortinet products. Since this flaw allows an unauthenticated, remote attacker to exploit this issue remotely and perform operations on the administrative interface, it is highly important to know how to fix the four new security bypass vulnerabilities in Fortinet products.

According to Fortigate, the most severe among these vulnerabilities is CVE-2022-38380. It’s been said, “When an unauthenticated, remote attacker exploits this vulnerability, he can get bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64.” This blog post explains all four new security bypass vulnerabilities in Fortinet products and implementation steps on how you can fix these vulnerabilities. 

A Short Intro About the FortiOS, FortiMail, and FortiClient

A Short Intro About the FortiOS

FortiOS is a security-focused operating system that is designed to work with Fortinet’s line of security appliances. These appliances include the FortiGate firewall, the FortiWeb web application firewall, and the FortiMail email gateway. The OS is based on a hardened Linux kernel and includes features such as intrusion detection and prevention, virtual private networking, and data leak prevention. FortiOS is also available as a virtual appliance for use in cloud environments.

A Short Intro About the FortiMail

The FortiMail is a security appliance that provides email gateway and filtering capabilities. It can be used to protect an organization’s email infrastructure from spam, malware, and other threats. The appliance can also be used to enforce email policies, such as content filtering and data leak prevention. The FortiMail includes a web-based management interface for administrators to configure and monitor the appliance. It is available in both hardware and virtual appliance form factors.

A Short Intro About the FortiClient

The FortiClient is an enterprise-class endpoint security software suite that provides a comprehensive and robust security solution for your business. It includes a firewall, antivirus, web filtering, application control, vulnerability scanning, and much more. The FortiClient is easy to deploy and manage, and it offers superior protection against threats.

The FortiClient suite is available in both on-premises and cloud-based versions. The on-premises version is installed on your company’s servers, while the cloud-based version is hosted by Fortinet. Both versions offer the same features and benefits.

Summary of the Four New Security Bypass Vulnerabilities in Fortinet Products:

Fortinet has released advisories for four new security bypass vulnerabilities in Fortinet products that allows remote attackers to obtain sensitive information, bypass security restrictions, information discloser, and perform man-in-the-middle attacks on the vulnerable Fortinet products. Let’s see the summary of all the four flaws one after another.

Summary of CVE-2022-30307 – RSA SSH host key lost at shutdown

This is a key management error vulnerability in Fortinet’s FortiO affecting the RSA SSH host key. The flaw allows an unauthenticated attacker to perform a man in the middle attack on the vulnerable products. The flaw affects FortiOS version 6.4.9, 7.0.6, and 7.2.0.

Summary of CVE-2022-35842 – Telnet on the SSL-VPN interface results in information leak

The vulnerability exists in Fortinet FortiOS due to the exposure of sensitive information in FortiOS SSL-VPN. Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to gain information about LDAP and SAML on the targeted system. The flaw affects FortiOS version 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, and 6.4.0.

Summary of CVE-2022-26122 – AV Engine evasion by manipulating MIME attachment

This vulnerability exists in Fortinet AV Engine due to insufficient verification of data authenticity. A remote attacker could exploit this vulnerability by manipulating MIME attachments with junk and pad characters in base64. Successful exploitation of this vulnerability could allow an attacker to bypass security restrictions on the targeted system. The flaw affects FortiOS version FortiOS running AV engine version 6.2.168 and below and 6.4.274 and below. FortiMail running AV engine version 6.2.168 and below and 6.4.274 and below. FortiClient running AV engine version 6.2.168 and below and 6.4.274 and below.

Summary of CVE-2022-38380 – Read-Only users able to modify the Interface fields using the API

This vulnerability exists in Fortinet FortiOS due to improper access control. A remote authenticated attacker could exploit this vulnerability by sending security-crafted requests. Successful exploitation of this vulnerability could allow an attacker to modify the interface settings via the API to bypass security restrictions on the targeted system. The flaw affects FortiOS: 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, and 7.0.0.

List of the Four New Security Bypass Vulnerabilities in Fortinet Products with the products affected and corresponding patched version.

Fortinet Products Affected by the Four New Security Bypass Vulnerabilities:

There are multiple products affected by these four vulnerabilities. However, we have shared this information in the previous section extensively by the vulnerability. The following products are prone to these four new security bypass vulnerabilities.

How to Fix the New Security Bypass Vulnerabilities in Fortinet Products?

Fortinet acknowledged the vulnerability by releasing the patch last week. All the users of the vulnerable version of FrotiOS, FortiMail, and FortiClients are advised to upgrade their appliances to:

Refer to the table from the previous section.

Refer to these community forums to see how to upgrade the FortiOS, FortiMail, and FortiClient.

How to Upgrade FortiOS?

If you want to go for the manual upgrade process, download the upgrade image from https://support.fortinet.com, go to the ‘File Upload’ tab and upload the image. For the recommended upgrade path, see Upgrade Path Tool.

Step 1. Log in to the console as an administrator

Log into the FortiGate GUI as the admin administrative user.

Step 2. Go to Fabric Management to see the Version info

Go to System > Fabric Management. The Firmware Version column displays the version and either (Feature) or (Mature).

Step 3. Open the Upgrade pane

Select the FortiGate, and click upgrade. The FortiGate Upgrade pane opens.

Step 4. See the available upgrades

Click All Upgrades. The available firmware versions are displayed.

We hope this post would help you know how to fix the four new security bypass vulnerabilities in Fortinet products. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.