Days after news of bugs in its FortiOS and FortiProxy products emerged on social media, Fortinet has disclosed a further six vulnerabilities, one of which is rated critical.

The company also disclosed that it is aware of an exploit for the FortiOS and FortiProxy vulnerability.
The company’s latest security advisories are dated October 10 US time.
Fortinet’s FortiTester network performance testing and breach attack simulation appliance has the critical vulnerability: CVE-2022-33873, a command injection bug.
“Multiple improper neutralisation of special elements used in an OS Command … in console, telnet, and SSH login components of FortiTester may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell," the advisory stated.
Versions affected include FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0, all of which now have upgrades available.
The company also announced fixes for three high-severity bugs: CVE-2022-35846, CVE-2022-29055, and CVE-2021-44171.
CVE-2022-35846 is a missing account lockout in the FortiTester Telnet port, and Fortinet’s advisory says the bug allows an administrator’s account to be brute-forced.
It affects the same versions of FortiTester as CVE-2022-33873, and is patched in the same upgrades.
CVE-2022-29055 is a denial-of-service bug caused by an uninitialised pointer in various versions of FortiOS and FortiProxy, which Fortinet said “allows a remote unauthenticated or authenticated attacker to crash the sslvpn daemon via an HTTP GET request.”
CVE-2021-44171 is an OS command injection bug in FortiOS the company said allows an attacker to “execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.”
The security wrap-up also includes the medium-rated CVE-2022-35844, which the company said is only exploitable by an authenticated attacker, and the low-rated CVE-2022-26121, which gives an attacker access to a template image.
About CVE-2022-40684, for which there is now a formal disclosure, Fortinet said it is “aware of an instance where this vulnerability was exploited, and recommends immediately validating your systems against the following indicator of compromise in the device's logs: user='Local_Process_Access'”.
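The advisory's recommendation is to check device logs for the `Local_Process_Access` user value. The following script is an added example, not Fortinet's code or anything from the advisory: it parses space-separated key=value log lines (the layout FortiOS event logs use, with double-quoted values; the parser also accepts the single quotes the advisory's text uses, and bare values) and returns the entries whose `user` field matches the indicator. The sample log lines are constructed for the demonstration and are not real device output; the field names other than `user` are assumed.

```python
import re
from typing import Dict, List

# Indicator of compromise named in Fortinet's advisory for CVE-2022-40684.
IOC_USER = "Local_Process_Access"

# One key=value field: value may be double-quoted, single-quoted, or bare.
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|\'([^\']*)\'|(\S+))')


def parse_kv_line(line: str) -> Dict[str, str]:
    """Parse a space-separated key=value log line into a dict of fields."""
    fields: Dict[str, str] = {}
    for m in _FIELD_RE.finditer(line):
        key = m.group(1)
        # Exactly one of the three value groups matched; take it.
        value = next(g for g in m.groups()[1:] if g is not None)
        fields[key] = value
    return fields


def find_ioc_hits(lines: List[str], ioc_user: str = IOC_USER) -> List[Dict[str, str]]:
    """Return parsed entries whose user field equals the IoC value."""
    hits = []
    for line in lines:
        entry = parse_kv_line(line)
        if entry.get("user") == ioc_user:
            hits.append(entry)
    return hits


# Constructed sample lines in a FortiOS-style key=value layout (not real output).
SAMPLE_LOG = [
    'date=2022-10-10 time=09:15:02 type="event" subtype="system" user="admin" '
    'ui="https(192.0.2.10)" action="login" status="success"',
    'date=2022-10-10 time=09:16:44 type="event" subtype="system" user="Local_Process_Access" '
    'action="Add" cfgpath="system.admin" msg="Add system.admin newadmin"',
    'date=2022-10-10 time=09:18:10 type="event" subtype="system" user=\'Local_Process_Access\' '
    'action="Edit" cfgpath="system.ssh" msg="Edit public key"',
    'date=2022-10-10 time=09:20:00 type="traffic" subtype="forward" srcip=198.51.100.7 '
    'dstip=192.0.2.55 action="accept"',
]

if __name__ == "__main__":
    # Print a one-line summary per hit so an operator can triage what changed.
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(f"{hit['date']} {hit['time']} action={hit.get('action')} "
              f"cfgpath={hit.get('cfgpath')} msg={hit.get('msg')}")
```

Run it against an exported event log (one entry per line) in place of `SAMPLE_LOG`; any hit should be reviewed for what configuration the entry records as changed, since the advisory treats the presence of that user value, rather than any particular action, as the indicator.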