Fortinet Releases Security Updates for Multiple Products
Updates address vulnerabilities and weaknesses in FortiADC, FortiTester, FortiManager, FortiPortal, and FortiWeb product lines
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Fortinet have released five security advisories to address vulnerabilities and weaknesses in multiple product lines. The first High severity vulnerability affects FortiADC and could allow an attacker with access to the web GUI to execute unauthorised code or commands via a specially crafted HTTP request. The second High severity vulnerability affects FortiTester and could allow an authenticated attacker to execute arbitrary commands in the underlying shell.
The Medium severity vulnerabilities and weakness concern improper access control in FortiManager, possible opportunities for a cross-site scripting attack in FortiPortal, and an HTTP Response Splitting weakness in FortiWeb that could allow an attacker to execute unauthorised code or commands.
Remediation advice
Affected organisations are encouraged to review the Fortinet Product Security Incident Response Team (PSIRT) Advisories page and the advisories below, and to apply any relevant updates.
Remediation steps
| Type | Step |
|---|---|
| Patch | FortiADC - FG-IR-22-061 https://www.fortiguard.com/psirt/FG-IR-22-061 |
| Patch | FortiTester - FG-IR-22-274 https://www.fortiguard.com/psirt/FG-IR-22-274 |
| Patch | FortiManager - FG-IR-22-371 https://www.fortiguard.com/psirt/FG-IR-22-371 |
| Patch | FortiPortal - FG-IR-22-313 https://www.fortiguard.com/psirt/FG-IR-22-313 |
| Patch | FortiWeb - FG-IR-22-250 https://www.fortiguard.com/psirt/FG-IR-22-250 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 5 January 2023 12:28 pm