"Fortinet Patches High-Severity Vulnerabilities in Several Products"

Fortinet recently published security advisories to inform customers about vulnerabilities affecting several of the company's products. The cybersecurity firm's latest batch of monthly advisories describes roughly a dozen vulnerabilities identified in FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise products. Four of the vulnerabilities have been assigned a "high" severity rating. These include CVE-2022-26117, which affects FortiNAC and allows an attacker to access MySQL databases due to an unprotected root account. Another high-severity flaw is a stack-based buffer overflow that allows arbitrary code or command execution. This issue, tracked as CVE-2021-43072, affects FortiAnalyzer, FortiManager, FortiOS, and FortiProxy. The advisory noted that a "high severity" rating has also been assigned to CVE-2022-30302, which covers multiple path traversal bugs in the FortiDeceptor admin interface that can be exploited by a remote attacker to retrieve and delete arbitrary files from the underlying file system. A directory traversal issue affecting FortiClient for Windows, CVE-2021-41031, is also rated "high severity." It allows a local attacker to escalate privileges. Only a couple of the flaws described in the advisory are rated "medium" and "low." Patches are available for all of these vulnerabilities. Organizations that use Fortinet products are urged to update their systems as soon as possible.

 

SecurityWeek reports: "Fortinet Patches High-Severity Vulnerabilities in Several Products"

Submitted by Anonymous on