Fortinet patches critical CVE-2022-39952 & CVE-2021-42756 bugs in its products

“An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system,” Fortinet explains in a customer support bulletin.

Fortinet has advised the users to update to the latest available versions immediately. The complete list of products vulnerable to attacks attempting to exploit the CVE-2022-39952 flaw includes:

• FortiNAC version 9.4.0
• FortiNAC version 9.2.0 through 9.2.5
• FortiNAC version 9.1.0 through 9.1.7
• FortiNAC 8.8 all versions
• FortiNAC 8.7 all versions
• FortiNAC 8.6 all versions
• FortiNAC 8.5 all versions
• FortiNAC 8.3 all versions

Another critical bug, tracked as CVE-2021-42756 (CVSS score of 9.3), is the stack-based buffer overflows in FortiWeb’s proxy daemon that allows an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. The flaw affects the below products:

• FortiWeb versions 5.x all versions,
• FortiWeb versions 6.0.7 and below,
• FortiWeb versions 6.1.2 and below,
• FortiWeb versions 6.2.6 and below,
• FortiWeb versions 6.3.16 and below,
• FortiWeb versions 6.4 all versions.

Per today’s customer support bulletin, Fortinet released security patches on Thursday, asking customers to update FortiADC, FortiExtender, FortiOS, FortiProxy & FortiSwitchManager, FortiWAN, FortiAnalyzer, FortiAuthenticator, FortiPortal, and FortiSandbox to the latest version.

At present, there is no mitigation advice or workarounds for the discovered security issues, so updating the impacted products is the only recommended approach to address the risks.