mickmick.net

Fortinet Products Multiple Vulnerabilities

Release Date: 13 Jun 2023

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, denial of service, elevation of privilege and security restriction bypass on the targeted system.

 

Note:

CVE-2023-27997 may have been exploited in a limited number of cases

---

Impact

• Security Restriction Bypass
• Information Disclosure
• Remote Code Execution
• Elevation of Privilege
• Denial of Service

---

System / Technologies affected

• FortiADC 5.2 all versions
• FortiADC 5.3 all versions
• FortiADC 5.4 all versions
• FortiADC 6.0 all versions
• FortiADC 6.1 all versions
• FortiADC 6.2 all versions
• FortiADC 7.0 all versions
• FortiADC version 7.1.0 through 7.1.2
• FortiADC version 7.2.0
• FortiADCManager 5.2 all versions
• FortiADCManager 5.3 all versions
• FortiADCManager 5.4 all versions
• FortiADCManager 6.0 all versions
• FortiADCManager 6.1 all versions
• FortiADCManager 6.2 all versions
• FortiADCManager version 7.0.0
• FortiADCManager version 7.1.0
• FortiClientWindows version 6.4.0 through 6.4.8
• FortiClientWindows version 7.0.0 through 7.0.6
• FortiConverter 6.0 all versions
• FortiConverter 6.2 all versions
• FortiConverter version 7.0.0
• FortiNAC 8.5 all versions
• FortiNAC 8.6 all versions
• FortiNAC 8.7 all versions
• FortiNAC 8.8 all versions
• FortiNAC 9.1 all versions
• FortiNAC 9.2.0 through 9.2.7
• FortiNAC version 9.4.0 through 9.4.2
• FortiNAC-F version 7.2.0
• FortiOS 6.0 all versions
• FortiOS 6.2 all versions
• FortiOS 6.4 all versions
• FortiOS 7.0 all versions
• FortiOS 7.2 all versions
• FortiOS-6K7K version 6.0.10
• FortiOS-6K7K version 6.0.12 through 6.0.16
• FortiOS-6K7K version 6.2.4
• FortiOS-6K7K version 6.2.6 through 6.2.7
• FortiOS-6K7K version 6.2.9 through 6.2.13
• FortiOS-6K7K version 6.4.10
• FortiOS-6K7K version 6.4.12
• FortiOS-6K7K version 6.4.2
• FortiOS-6K7K version 6.4.6
• FortiOS-6K7K version 6.4.8
• FortiOS-6K7K version 7.0.10
• FortiOS-6K7K version 7.0.5
• FortiProxy 1.0 all versions
• FortiProxy 1.1 all versions
• FortiProxy 1.2 all versions
• FortiProxy 2.0 all versions
• FortiProxy 7.0 all versions
• FortiProxy version 7.2.0 through 7.2.3
• FortiSwitchManager version 7.0.0 through 7.0.1
• FortiSwitchManager version 7.2.0 through 7.2.1
• FortiWeb 6.3 all versions
• FortiWeb 6.4 all versions
• FortiWeb version 7.0.0 through 7.0.6
• FortiWeb version 7.2.0 through 7.2.1

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.fortiguard.com/psirt/FG-IR-23-125
• https://www.fortiguard.com/psirt/FG-IR-23-119
• https://www.fortiguard.com/psirt/FG-IR-23-111
• https://www.fortiguard.com/psirt/FG-IR-23-097
• https://www.fortiguard.com/psirt/FG-IR-22-380
• https://www.fortiguard.com/psirt/FG-IR-22-393
• https://www.fortiguard.com/psirt/FG-IR-23-076
• https://www.fortiguard.com/psirt/FG-IR-23-095
• https://www.fortiguard.com/psirt/FG-IR-22-463
• https://www.fortiguard.com/psirt/FG-IR-22-494
• https://www.fortiguard.com/psirt/FG-IR-22-375
• https://www.fortiguard.com/psirt/FG-IR-23-107
• https://www.fortiguard.com/psirt/FG-IR-22-468
• https://www.fortiguard.com/psirt/FG-IR-22-229
• https://www.fortiguard.com/psirt/FG-IR-22-455
• https://www.fortiguard.com/psirt/FG-IR-22-521
• https://www.fortiguard.com/psirt/FG-IR-22-332

---

Vulnerability Identifier

• CVE-2022-33877
• CVE-2022-39946
• CVE-2022-41327
• CVE-2022-42474
• CVE-2022-43953
• CVE-2023-22633
• CVE-2023-22639
• CVE-2023-26207
• CVE-2023-26210
• CVE-2023-27997
• CVE-2023-28000
• CVE-2023-29175
• CVE-2023-29178
• CVE-2023-29179
• CVE-2023-29180
• CVE-2023-29181
• CVE-2023-33305

---

Source

• Fortinet

---

Related Link

• https://www.fortiguard.com/psirt/FG-IR-23-125
• https://www.fortiguard.com/psirt/FG-IR-23-119
• https://www.fortiguard.com/psirt/FG-IR-23-111
• https://www.fortiguard.com/psirt/FG-IR-23-097
• https://www.fortiguard.com/psirt/FG-IR-22-380
• https://www.fortiguard.com/psirt/FG-IR-22-393
• https://www.fortiguard.com/psirt/FG-IR-23-076
• https://www.fortiguard.com/psirt/FG-IR-23-095
• https://www.fortiguard.com/psirt/FG-IR-22-463
• https://www.fortiguard.com/psirt/FG-IR-22-494
• https://www.fortiguard.com/psirt/FG-IR-22-375
• https://www.fortiguard.com/psirt/FG-IR-23-107
• https://www.fortiguard.com/psirt/FG-IR-22-468
• https://www.fortiguard.com/psirt/FG-IR-22-229
• https://www.fortiguard.com/psirt/FG-IR-22-455
• https://www.fortiguard.com/psirt/FG-IR-22-521
• https://www.fortiguard.com/psirt/FG-IR-22-332
• https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign