Warning of a New Critical Vulnerability in FortiOS and FortiProxy

The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) warns of a new critical vulnerability in FortiOS and FortiProxy products.

FortiOS and FortiProxy are Fortinet products. FortiOS is the operating system that runs on FortiGate firewalls and other Fortinet appliances; FortiProxy is a secure web proxy used mainly for URL filtering, threat protection and malware detection. Both expose the SSL-VPN service in which this vulnerability lies.

The vulnerability is a heap-based buffer overflow in the SSL-VPN daemon (sslvpnd). A remote, unauthenticated attacker who can reach the SSL-VPN interface can trigger it with specially crafted requests and execute arbitrary code or commands on the device, which in turn gives unauthorized access to sensitive data (including the device configuration), the ability to make unauthorized changes to the system, and the ability to cause a denial of service. Fortinet stated at the time of disclosure that it was aware of at least one case of exploitation in the wild.

The vulnerability is tracked as CVE-2022-42475 (CWE-122, heap-based buffer overflow; Fortinet PSIRT advisory FG-IR-22-398) and has been assigned a CVSSv3 score of 9.3.

The following versions are affected by this critical vulnerability (the fix is the next patch release in each branch):

  • FortiOS 7.2.0 through 7.2.2 (fixed in 7.2.3), 7.0.0 through 7.0.8 (fixed in 7.0.9) and 6.4.0 through 6.4.10 (fixed in 6.4.11)
  • FortiProxy 7.0.0 through 7.0.7 (fixed in 7.0.8) and 2.0.0 through 2.0.11 (fixed in 2.0.12)

Fortinet's advisory additionally lists the older FortiOS 6.2 and 6.0 branches and FortiProxy 7.2, 1.2, 1.1 and 1.0 as affected; consult it for the complete list and fixed builds.

Measures

NCSC SK-CERT recommends updating FortiOS and FortiProxy immediately to a fixed release (the first patch level above the affected ranges listed above, or a later one). Where an upgrade cannot be performed immediately, Fortinet's documented workaround is to disable SSL-VPN until the device is patched. Because a successful exploit gives the attacker the device configuration, NCSC SK-CERT also recommends changing passwords and keys held on the affected system (local administrator and VPN user passwords, pre-shared keys and certificate private keys) and on any other system where the same password or key was used.

NCSC SK-CERT also recommends reviewing the logs for non-standard behaviour and suspicious patterns that may indicate that the vulnerability has been exploited, in particular event-log entries recording a crash of the SSL-VPN daemon (Logdesc="Application crashed" with application: sslvpnd and Signal 11 received in the message), which Fortinet lists as an indicator of exploitation. If you suspect that this vulnerability has been exploited in your platform instance, report the incident to NCSC SK-CERT at [email protected].
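Both the version check against the affected ranges listed above and the log review recommended here can be done mechanically. The following Python script is an added example, not part of the NCSC SK-CERT advisory and not a Fortinet tool: it parses the version string printed by a device's `get system status` and compares it with the last affected release of each branch given above, and it scans FortiOS key=value event-log lines for the sslvpnd crash signature (Logdesc="Application crashed", application: sslvpnd, Signal 11 received) that Fortinet's advisory FG-IR-22-398 gives as an indicator of exploitation. The sample log lines are constructed for the example, and the regular expressions, table and function names are the author's assumptions.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, int, int]

# Last affected release per branch, as listed in this advisory (Fortinet PSIRT
# FG-IR-22-398); the fixed release is the next patch level in each branch.
# Assumption of this example: branches not in the table are reported as unknown.
LAST_AFFECTED: Dict[str, Dict[Tuple[int, int], Version]] = {
    "fortios":    {(7, 2): (7, 2, 2), (7, 0): (7, 0, 8), (6, 4): (6, 4, 10)},
    "fortiproxy": {(7, 0): (7, 0, 7), (2, 0): (2, 0, 11)},
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Pull major.minor.patch out of a string such as the 'Version:' line of
    'get system status', e.g. 'FortiGate-100F v7.0.8,build0418,221013 (GA)'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version_text: str) -> Optional[bool]:
    """True if the release is affected by CVE-2022-42475, False if it is at or
    past the fixed release of its branch, None if the branch is not in the
    table (older branches such as FortiOS 6.2/6.0 and FortiProxy 7.2/1.x are
    also affected per the vendor advisory; check it for those)."""
    ver = parse_version(version_text)
    last_bad = LAST_AFFECTED.get(product.lower(), {}).get(ver[:2])
    if last_bad is None:
        return None
    return ver <= last_bad


# A FortiOS event-log line is a sequence of key=value pairs; values containing
# spaces are double-quoted. Keys are lower-cased so Logdesc/logdesc both match.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortilog(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields: Dict[str, str] = {}
    for key, value in _KV_RE.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key.lower()] = value
    return fields


def is_sslvpnd_crash(fields: Dict[str, str]) -> bool:
    """Crash signature from FG-IR-22-398: 'Application crashed' for sslvpnd
    with SIGSEGV (Signal 11). A match warrants investigation, not proof."""
    msg = fields.get("msg", "")
    return (fields.get("logdesc", "").lower() == "application crashed"
            and re.search(r"application:\s*sslvpnd\b", msg) is not None
            and "Signal 11 received" in msg)


def find_sslvpnd_crashes(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed fields of every line matching the crash signature."""
    return [f for f in map(parse_fortilog, lines) if is_sslvpnd_crash(f)]


# Constructed sample lines for this example (not real device output).
SAMPLE_LOG = [
    'date=2022-12-12 time=10:15:32 type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 1234, application: sslvpnd, '
    'Firmware: FortiGate-100F v7.0.8,build0418,221013 (GA), '
    'Signal 11 received, Backtrace: [0x7f1e2c3d]"',
    'date=2022-12-12 time=10:16:01 type="event" subtype="system" level="critical" '
    'logdesc="Application crashed" msg="Pid: 987, application: httpsd, '
    'Signal 11 received, Backtrace: [0x7f9a0b1c]"',
    'date=2022-12-12 time=10:17:45 type="event" subtype="vpn" level="information" '
    'logdesc="SSL VPN tunnel up" msg="SSL tunnel established"',
]

if __name__ == "__main__":
    print(is_affected("fortios", "FortiGate-100F v7.0.8,build0418,221013 (GA)"))  # True
    print(is_affected("fortios", "v7.0.9"))  # False
    for hit in find_sslvpnd_crashes(SAMPLE_LOG):
        print(f"investigate: {hit['date']} {hit['time']} {hit['msg']}")
```

Only the sslvpnd crash is reported; the httpsd crash on the second sample line and the ordinary VPN event on the third are ignored. sslvpnd can also crash for benign reasons, so a hit is the starting point of an investigation (compare timestamps with SSL-VPN access logs and check the device for unexpected files and outbound connections), not confirmation of compromise. A None from is_affected means the branch is outside the table above and must be checked against the vendor advisory rather than assumed safe.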
