Vulnerability Management, Threat Management

Vulnerabilities in several Fortinet products addressed

Nearly 12 security flaws have been addressed by Fortinet in its FortiAnalyzer, FortiADC, FortiOS, FortiManager, FortiClient, FortiProxy, FortiEDR, FortiNAC, FortiDeceptor, FortiRecorder, and FortiVoiceEnterprise offerings, according to SecurityWeek. Four of the vulnerabilities were rated high severity, including a flaw in FortiNAC, tracked as CVE-2022-26117, which could be exploited to obtain MySQL database access. FortiOS, FortiAnalyzer, FortiProxy, and FortiManager are also impacted by a high-severity flaw, tracked as CVE-2021-43072, which could be leveraged for the execution of arbitrary code or commands. Threat actors could also exploit high-severity bugs in FortiDeceptor and FortiClient for Windows, tracked as CVE-2022-30302 and CVE-2021-41031, for arbitrary file retrieval and deletion and privilege escalation, respectively. External researchers identified nearly 50% of the patched security flaws. Attackers could also abuse some medium- and low-severity vulnerabilities even without authentication. Fortinet users have been urged to immediately update their systems to prevent potential attacks.
