Fortinet fixes vulnerabilities in FortiNAC and FortiWeb

Two severe issues affecting the FortiNAC and FortiWeb products prompted Fortinet to publish 40 security advisories informing users that patches were now available for a number of vulnerabilities. Two of the advisories carry a 'critical' severity rating, and fifteen are rated 'high'.

One of the critical advisories covers CVE-2021-42756, a CVE identifier assigned to multiple stack-based buffer overflow flaws in the FortiWeb proxy daemon. A remote, unauthenticated attacker may be able to exploit these flaws by sending specially crafted HTTP requests, causing the targeted system to execute arbitrary code. CVE-2021-42756 was discovered more than a year ago, and given its severity rating, some have speculated that possible in-the-wild exploitation is the reason Fortinet waited until now to patch it.

The second critical advisory covers CVE-2022-39952, an external control of file name or path issue in FortiNAC that could allow an unauthenticated attacker to write arbitrary files to the system, potentially leading to arbitrary code execution. Fortinet's advisories for CVE-2021-42756 and CVE-2022-39952 do not currently provide any information about exploitation in the wild. The high-severity vulnerabilities for which updates were released affect products including FortiADC, FortiExtender, FortiNAC, FortiOS, FortiProxy, FortiSwitchManager, FortiWAN, and FortiWeb.

Although many of them require authentication, they can be exploited to execute arbitrary code with elevated privileges, run arbitrary OS commands, perform administrative actions, harvest user passwords, conduct XSS attacks, read and write files on the underlying Linux system, and hijack sessions.

The company advised customers to upgrade vulnerable devices to the latest versions, which were released to remedy these issues.
