Fortinet March 2023 Security Advisory

Administrators of Fortinet's FortiOS and FortiProxy need to take action. The manufacturer published various security advisories for different products on March 7, 2023. Among other things, a DoS vulnerability CVE-2022-45861 in FortiOS and FortiProxy is addressed. Some of the vulnerabilities are very critical (CVSSv3 score 9.3).

Fortinet March 2023 Vulnerability Advisories

The issue was reported to me by an anonymous German blog reader in the discussion area with the following text (thanks for that).

Vulnerabilities in FortiOS (FortiGate Firewalls) and other products – some of them very critical

Fortinet has published various security advisories in the March 2023 Vulnerability Advisories. Below I have pulled out three vulnerability descriptions with higher risk; the list of all vulnerabilities can be found in the March 2023 Vulnerability Advisories.

FortiOS / FortiProxy – Heap buffer underflow in administrative interface

A 'buffer underflow' vulnerability CVE-2023-25610 exists in the FortiOS & FortiProxy administrative interface, allowing an unauthenticated remote attacker to execute arbitrary code on the device and/or perform a DoS on the graphical user interface (GUI) via specially crafted requests. The vulnerability is critical, CVSSv3 score 9.3. Affected are:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

Details may be read at FortiOS / FortiProxy – Heap buffer underflow in administrative interface (dated March 7, 2023).
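An added example (not from this blog or from Fortinet) that checks an inventory of FortiOS / FortiProxy versions against the affected ranges listed above for CVE-2023-25610, so that administrators can find the devices that still need the upgrade. The function names and the sample inventory are assumptions made for this example; the table takes the ranges of the other two advisories in the same shape.

```python
# Affected ranges for CVE-2023-25610, taken from the advisory text above.
# (low, high) are inclusive; high=None means "all versions" of the major.minor
# branch that `low` names (the advisory's "FortiOS 6.0 all versions").
AFFECTED_CVE_2023_25610 = {
    "FortiOS": [
        ((7, 2, 0), (7, 2, 3)),
        ((7, 0, 0), (7, 0, 9)),
        ((6, 4, 0), (6, 4, 11)),
        ((6, 2, 0), (6, 2, 12)),
        ((6, 0), None),
    ],
    "FortiProxy": [
        ((7, 2, 0), (7, 2, 2)),
        ((7, 0, 0), (7, 0, 8)),
        ((2, 0, 0), (2, 0, 11)),
        ((1, 2), None),
        ((1, 1), None),
    ],
}

def parse_version(text):
    """'7.0.9' -> (7, 0, 9). Tolerates a leading 'v' and a ',build1234'
    suffix; missing components are padded with 0."""
    core = text.strip().lstrip("v").split(",")[0].split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(product, version, table=AFFECTED_CVE_2023_25610):
    """True if `version` of `product` falls in one of the listed affected ranges."""
    v = parse_version(version)
    for low, high in table.get(product, []):
        if high is None:
            if v[: len(low)] == low:  # whole branch affected, e.g. 6.0.x
                return True
        elif low <= v <= high:
            return True
    return False

def triage(inventory, table=AFFECTED_CVE_2023_25610):
    """Return the (host, product, version) entries that need patching."""
    return [(h, p, ver) for h, p, ver in inventory if is_affected(p, ver, table)]

# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.9,build0444"),
    ("fw-edge-02", "FortiOS", "7.2.4"),
    ("fw-branch-03", "FortiOS", "6.0.15"),
    ("proxy-dmz-01", "FortiProxy", "2.0.11"),
    ("proxy-dmz-02", "FortiProxy", "7.2.3"),
]
```

Calling `triage(SAMPLE_INVENTORY)` returns the three entries that sit inside the listed ranges; versions outside those ranges are only reported as not listed, not as confirmed fixed.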


FortiOS / FortiProxy – Path traversal vulnerability allows VDOM escaping

A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to elevate their privileges via manipulated CLI requests to the system's super admin. Affected are:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.8
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12

FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy version 2.0.0 through 2.0.11
FortiProxy version 1.2.0 through 1.2.13
FortiProxy version 1.1.0 through 1.1.6

Note: Impact on FortiProxy 7.0.x, 2.0.x, 1.2.x, 1.1.x is minor, as these versions do not have VDOMs.

Vulnerability CVE-2022-42476 has a CVSSv3 score of 7.8 (high); details may be read at FG-IR-22-401.

FortiOS & FortiProxy – Access of NULL pointer in SSLVPNd

Security advisory FortiOS & FortiProxy – Access of NULL pointer in SSLVPNd (FG-IR-22-477) has details about a DoS vulnerability CVE-2022-45861 in FortiOS and FortiProxy. The CVSSv3 score is 6.4, and the advisory says:

An uninitialized pointer vulnerability [CWE-824] in the FortiOS & FortiProxy SSL VPN portal may allow a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

Affected are:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS 6.2 all versions

FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy version 2.0.0 through 2.0.11
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions

Advisory FG-IR-22-477 has more details. Upgrades are available.
