Rewterz Threat Advisory – Multiple Fortinet FortiProxy and FortiOS Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-41328 CVSS:6.7

Fortinet FortiOS could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send specially-crafted CLI commands containing “dot dot” sequences (/../) to read and write arbitrary files on the underlying Linux system.

CVE-2022-45861 CVSS:6.5

Fortinet FortiOS and Fortinet FortiProxy are vulnerable to a denial of service, caused by an access of uninitialized pointer vulnerability. By sending a specially crafted HTTP GET request, a remote authenticated attacker could exploit this vulnerability to crash the sslvpn daemon.

CVE-2022-41329 CVSS:5.3

Fortinet FortiProxy and Fortinet FortiOS could allow a remote attacker to obtain sensitive information. By sending a specially-crafted HTTP GET request, an attacker could exploit this vulnerability to obtain logging information from static files and use this information to launch further attacks against the affected system.

Impact

• Information Disclosure
• Denial of Service

Indicators Of Compromise

CVE

• CVE-2022-41328
• CVE-2022-45861
• CVE-2022-41329

Affected Vendors

Fortinet

Affected Products

• Fortinet FortiOS 6.2.12
• Fortinet FortiOS 6.4.1
• Fortinet FortiOS 6.4.10
• Fortinet FortiOS 6.4.11
• Fortinet FortiOS 6.2.8
• Fortinet FortiOS 6.4.8
• Fortinet FortiOS 6.4.9
• Fortinet FortiOS 7.0.4
• Fortinet FortiOS 7.0.8
• Fortinet FortiOS 7.0.9
• Fortinet FortiOS 7.2.2
• Fortinet FortiOS 7.2.3
• Fortinet FortiProxy 7.0.7
• Fortinet FortiProxy 7.0.8
• Fortinet FortiProxy 7.2.1
• Fortinet FortiProxy 7.2.

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

CVE-2022-41328 

CVE-2022-45861 

CVE-2022-41329