Skip to content

Fortinet Patches Critical Vulnerability in Data Analytics Solution “How to Make the Most of Your Time Management Skills” “Maximizing Your Time Management Abilities”

Fortinet, a cybersecurity solutions provider, this week released security updates to address several high-severity vulnerabilities in multiple products, including a critical missing authentication vulnerability in the FortiPresence infrastructure server. This vulnerability, tracked as CVE-2022-41331, can be exploited by a remote, unauthenticated attacker to gain access to Redis and MongoDB instances. In addition to FortiPresence, Fortinet also released patches for multiple high-severity flaws in FortiOS, FortiProxy, FortiSandbox, FortiDeceptor, FortiWeb, FortiClient, FortiSOAR, FortiADC, FortiDDoS, FortiDDoS-F, FortiAnalyzer, and FortiManager.

These flaws could result in a variety of attacks, including cross-site scripting (XSS), unauthorized API calls, command execution, arbitrary code execution, arbitrary file creation, privilege escalation, information disclosure, arbitrary file retrieval, and man-in-the-middle (MitM) attacks. A vulnerability was also identified in the Linux kernel version used in FortiAuthenticator, FortiProxy, and FortiSIEM which could allow an attacker with low privileges to write to page cache and escalate privileges on the system.

Fortinet also addressed medium- and low-severity vulnerabilities impacting FortiNAC, FortiOS, FortiProxy, FortiADC, FortiGate, and FortiAuthenticator. Customers are urged to update their installations as soon as possible, as unpatched Fortinet products have been targeted in malicious attacks in the past.

In summary, Fortinet released security updates this week to address multiple high-severity vulnerabilities in multiple products. These vulnerabilities could lead to a variety of attacks, including cross-site scripting (XSS), unauthorized API calls, command execution, arbitrary code execution, arbitrary file creation, privilege escalation, information disclosure, arbitrary file retrieval, and man-in-the-middle (MitM) attacks. Customers are advised to update their installations as soon as possible in order to protect their systems.

Key Points:
• Fortinet released security updates to address multiple high-severity vulnerabilities in multiple products
• These vulnerabilities could lead to a variety of attacks, including cross-site scripting (XSS), unauthorized API calls, command execution, arbitrary code execution, arbitrary file creation, privilege escalation, information disclosure, arbitrary file retrieval, and man-in-the-middle (MitM) attacks
• Customers are advised to update their installations as soon as possible in order to protect their systems

Leave a Reply

Your email address will not be published. Required fields are marked *