Nearly 12 security flaws have been addressed by Fortinet
in its FortiAnalyzer, FortiADC, FortiOS, FortiManager, FortiClient, FortiProxy, FortiEDR, FortiNAC, FortiDeceptor, FortiRecorder, FortiVoiceEnterprise, and FortiManager offerings, according to SecurityWeek
High severity ratings were given to four vulnerabilities, including a flaw in FortiNAC, tracked as CVE-2022-26117, which could be exploited to obtain MySQL database access. FortiOS, FortiAnalyzer, FortiProxy, and FortiManager are also impacted by a high-severity flaw, tracked as CVE-2021-43072, which could be leveraged for the execution of arbitrary code or commands. Threat actors could also exploit high-severity bugs in FortiDeceptor and FortiClient for Windows, tracked as CVE-2022-30302 and CVE-2021-41031, for arbitrary file retrieval and deletion and privilege escalation, respectively.
External researchers were able to identify nearly 50% of the patched security flaws. Attackers could also abuse some medium and low severity vulnerabilities even without authentication. Fortinet users have been urged to immediately update their systems to prevent potential attacks.