
Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb | Security Affairs

by admin
February 17, 2023


Cybersecurity vendor Fortinet has addressed two critical vulnerabilities impacting its FortiNAC and FortiWeb products.

Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions.

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.

The CVE-2022-39952 flaw (CVSS score of 9.8) is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.

“An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system,” reads the advisory.

The affected products are:

FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions

The CVE-2022-39952 vulnerability is fixed in FortiNAC 9.4.1 and later, 9.2.6 and later, 9.1.8 and later, and 7.2.0 and later.

The second vulnerability, tracked as CVE-2021-42756 (CVSS v3 score of 9.3), affects FortiWeb. The issue was internally discovered and reported by Giuseppe Cocomazzi of the Fortinet Product Security team.

“Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb’s proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests,” reads the advisory.

Affected products are FortiWeb versions 5.x all versions, versions 6.0.7 and below, versions 6.1.2 and below, versions 6.2.6 and below, versions 6.3.16 and below, and versions 6.4 all versions.


Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)


