mickmick.net

Fortinet Products Multiple Vulnerabilities

Release Date: 3 Nov 2022

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.

---

Impact

• Data Manipulation
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

• FortiOS running AV engine version 6.2.168 and below.
• FortiOS running AV engine version 6.4.274 and below.
• FortiMail running AV engine version 6.2.168 and below.
• FortiMail running AV engine version 6.4.274 and below.
• FortiClient running AV engine version 6.2.168 and below.
• FortiClient running AV engine version 6.4.274 and below.
• FortiOS version 7.2.0
• FortiOS version 7.0.0 through 7.0.6
• FortiOS version 6.4.0 through 6.4.9

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://fortiguard.fortinet.com/psirt/FG-IR-22-228
• https://fortiguard.fortinet.com/psirt/FG-IR-22-223
• https://fortiguard.fortinet.com/psirt/FG-IR-22-074
• https://fortiguard.fortinet.com/psirt/FG-IR-22-174

---

Vulnerability Identifier

• CVE-2022-26122
• CVE-2022-30307
• CVE-2022-35842
• CVE-2022-38380

---

Source

• AusCERT
• Fortinet

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.5515
• https://www.auscert.org.au/bulletins/ESB-2022.5514
• https://www.auscert.org.au/bulletins/ESB-2022.5504
• https://www.auscert.org.au/bulletins/ESB-2022.5503
• https://fortiguard.fortinet.com/psirt/FG-IR-22-228
• https://fortiguard.fortinet.com/psirt/FG-IR-22-223
• https://fortiguard.fortinet.com/psirt/FG-IR-22-074
• https://fortiguard.fortinet.com/psirt/FG-IR-22-174