Cybersecurity vendor Fortinet has addressed two critical vulnerabilities impacting its FortiNAC and FortiWeb products.
Cybersecurity firm Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions.
The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756, are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb.
The CVE-2022-39952 flaw (CVSS score of 9.8) is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.
“An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system.” reads the advisory.
The affected products are:
FortiNAC version 9.4.0FortiNAC version 9.2.0 through 9.2.5FortiNAC version 9.1.0 through 9.1.7FortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 8.3 all versions
The CVE-2022-39952 vulnerability is fixed in FortiNAC 9.4.1 and later, 9.2.6 and later, 9.1.8 and later, and 7.2.0 and later.
The second vulnerability, tracked as CVE-2021-42756 (CVSS v3 score of 9.3), affects FortiWeb. The issue was internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.
“Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb’s proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests” reads the advisory.
Affected products are FortiWeb versions 5.x all versions, versions 6.0.7 and below, versions 6.1.2 and below, versions 6.2.6 and below, versions 6.3.16 and below, and versions 6.4 all versions.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fortinet)
The post Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb appeared first on Security Affairs.