Overview

Throughout the past week, Fortinet released numerous security advisories regarding the availability of patches for product vulnerabilities. These patch releases address critical flaws affecting ForiNAC and FortiWeb products. Two of the 40 advisories Fortinet released during the week have a ‘critical’ severity rating. Fifteen of those 40 are marked as having ‘high’ severity.

One of the critical advisories addresses CVE-2021-42756, a CVE identifier “assigned to multiple stack-based buffer overflow vulnerabilities in FortiWeb’s proxy daemon.” An unauthenticated, remote hacker can use arbitrary code on a targeted system using malicious HTTP requests if the security hole were compromised. Below are the different versions Fortinet has released as vulnerable, accepted, or fixed versions to which all devices should be updated.

FortiWeb Impacted Versions:

  • FortiWeb versions 5. x all versions
  • FortiWeb versions 6.0.7 and below
  • FortiWeb versions 6.1.2 and below
  • FortiWeb versions 6.2.6 and below
  • FortiWeb versions 6.3.16 and below
  • FortiWeb versions 6.4, all versions


FortiWeb Fixed Versions:

  • FortiWeb 7.0.0 or above
  • FortiWeb 6.3.17 or above
  • FortiWeb 6.2.7 or above
  • FortiWeb 6.1.3 or above
  • FortiWeb 6.0.8 or above



A second critical vulnerability, CVE-2023-39952, is an external file name or path control issue in FortiNAC. If compromised, an unauthenticated attacker can control a file name or path in FortiNAC’s keyUpload script, allowing arbitrary write on the vulnerable system.

FortiNAC Impacted Versions:

  • FortiNAC versions 9.4.0
  • FortiNAC versions 9.2.0 through 9.2.5
  • FortiNAC versions 9.1.0 through 9.1.7
  • FortiNAC 8.8, all versions
  • FortiNAC 8.6, all versions
  • FortiNAC 8.5, all versions
  • FortiNAC 8.3, all versions


FortiNAC Fixed Versions:

  • FortiNAC version 9.4.1 or above
  • FortiNAC version 9.2.6 or above
  • FortiNAC version 9.1.8 or above
  • FortiNAC version 7.2.0 or above



It is essential to ensure all affected devices above are appropriately patched, especially if they relate to critical and high vulnerabilities—however, other vulnerabilities released with a lower CVSS score still threaten your environment.

Sources

https://www.securityweek.com/fortinet-patches-critical-code-execution-vulnerabilities-in-fortinac-fortiweb/

https://www.fortiguard.com/psirt/FG-IR-22-300 – FortiNAC vulnerability

https://www.fortiguard.com/psirt/FG-IR-21-186 – FortiWeb Vulnerability