Rewterz Threat Alert – Dark Pink APT Threat Actor Group – Active IOCs
February 21, 2023
Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
February 21, 2023
Severity
Medium
Analysis Summary
CVE-2022-27482 CVSS:7.8
Fortinet FortiADC could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the CLI. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands as root on the system.
CVE-2023-22638 CVSS:7.1
Fortinet FortiNAC is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-27489 CVSS:7.2
Fortinet FortiExtender could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2022-38378 CVSS:4.2
Fortinet FortiOS and Fortinet FortiProxy could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By using CLI or GUI commands, an attacker could exploit this vulnerability to gain Read Write privileges on the system.
CVE-2022-39948 CVSS:4.8
Fortinet FortiProxy and FortiOS could allow a remote attacker to conduct man-in-the-middle attacks, caused by improper SSL certificate validation. By sniffing the network traffic, an attacker could exploit this vulnerability to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVE-2022-41334 CVSS:8.8
Fortinet FortiOS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Login page. A remote attacker could exploit this vulnerability using the redir parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-29054 CVSS:3.3
Fortinet FortiOS and FortiProxy could allow a local authenticated attacker to obtain sensitive information, caused by missing cryptographic steps in the functions that encrypt the DHCP and DNS keys. By obtaining an encrypted key, an attacker could exploit this vulnerability to decipher the DHCP and DNS keys, and use this information to launch further attacks against the affected system.
CVE-2022-22302 CVSS:4
Fortinet FortiOS and FortiAuthenticator could allow a local attacker to obtain sensitive information, caused by the storage of private keys in plain-text. By gaining access to the storage files, an attacker could exploit this vulnerability to obtain private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, and use this information to launch further attacks against the affected system.
CVE-2022-41335 CVSS:8.8
Fortinet FortiOS, FortiProxy and FortiSwitchManager could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read and write arbitrary files on the underlying Linux system.
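Both of the URL-borne issues described above, the script injection through the `redir` parameter in CVE-2022-41334 and the “dot dot” traversal sequences in CVE-2022-41335, leave a trace in web access logs that a defender can hunt for. The following is an added example, not Fortinet's code and not a Rewterz tool: a small Python scanner that parses constructed combined-format access-log lines (the log format is an assumption; the `redir` parameter name comes from the CVE text) and flags traversal sequences, including percent- and double-encoded forms, as well as redirect targets that carry a script scheme, an inline script tag, or an off-site destination.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (assumed combined-log style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Feb/2023:10:01:02 +0000] "GET /login?redir=/dashboard HTTP/1.1" 200 512
10.0.0.9 - - [21/Feb/2023:10:01:07 +0000] "GET /login?redir=javascript:alert(1) HTTP/1.1" 200 512
10.0.0.9 - - [21/Feb/2023:10:01:09 +0000] "GET /login?redir=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512
10.0.0.7 - - [21/Feb/2023:10:02:11 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 403 0
10.0.0.7 - - [21/Feb/2023:10:02:15 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403 0
10.0.0.3 - - [21/Feb/2023:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 8192
"""

# Minimal combined-log parser: source address, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)
# A ".." path segment in either slash style, checked after full decoding.
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')
# Script-bearing redirect targets: scheme handlers or an inline script tag.
SCRIPT_RE = re.compile(r'(javascript:|vbscript:|data:|<\s*script)', re.IGNORECASE)
REDIRECT_PARAM = "redir"  # parameter name taken from the CVE-2022-41334 description


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(url):
    """Return the list of finding labels for one request URL (empty if benign)."""
    findings = []
    parts = urlsplit(url)
    if TRAVERSAL_RE.search(decode_fully(parts.path)):
        findings.append("path-traversal")
    query = parse_qs(parts.query, keep_blank_values=True)
    for value in query.get(REDIRECT_PARAM, []):
        target = decode_fully(value)
        if SCRIPT_RE.search(target):
            findings.append("redir-script-injection")
        elif not target.startswith("/") or target.startswith("//"):
            # Only same-origin absolute paths are legitimate post-login targets here.
            findings.append("redir-external-target")
    return findings


def scan_log(text):
    """Parse each log line; return (src, url, findings) for lines that raised a finding."""
    alerts = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line: skip rather than crash the scan
        findings = classify_request(match.group("url"))
        if findings:
            alerts.append((match.group("src"), match.group("url"), findings))
    return alerts


if __name__ == "__main__":
    for src, url, findings in scan_log(SAMPLE_LOG):
        print(f"{src}\t{', '.join(findings)}\t{url}")
```

The scanner deliberately decodes before matching, because a traversal or script payload that is percent-encoded once or twice still reaches the application decoded; matching on the raw URL alone would miss the last two sample lines. In a real deployment the `redir` allowlist check should mirror whatever the login page actually accepts.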
CVE-2022-43954 CVSS:4.3
Fortinet FortiPortal could allow a remote authenticated attacker to obtain sensitive information, caused by the insertion of sensitive information into a log file. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2022-26115 CVSS:5.9
Fortinet FortiSandbox is vulnerable to a brute force attack, caused by the use of a password hash with insufficient computational effort. By using brute force techniques, a remote attacker could exploit this vulnerability to obtain users’ passwords.
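For CVE-2022-26115, “insufficient computational effort” means each stored password hash can be tested far faster than a purpose-built password hash allows, which is what makes brute force practical. The example below is added here and is not Fortinet's code: it contrasts a single unsalted SHA-256 (the weak pattern) with a salted scrypt hash from Python's standard `hashlib`, stores the cost parameters alongside the digest so they can be raised later without breaking verification, compares in constant time, and measures how many weak-hash guesses fit in the time of one strong-hash guess. The scrypt parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time

# scrypt cost parameters (assumed for illustration): raise n until one hash
# costs tens to hundreds of milliseconds on the host that verifies logins.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32


def weak_hash(password):
    """The pattern the advisory describes: one fast, unsalted digest per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def strong_hash(password, salt=None):
    """Salted scrypt; the parameters travel with the hash so they can be tuned later."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify_strong(password, stored):
    """Recompute with the parameters recorded in the stored string; constant-time compare."""
    scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported hash scheme")
    expected = bytes.fromhex(digest_hex)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def cost_ratio(password="correct horse battery", trials=5):
    """How many weak-hash guesses fit in the time of one strong-hash guess."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(trials):
        strong_hash(password, salt)
    strong_cost = (time.perf_counter() - start) / trials

    start = time.perf_counter()
    for _ in range(trials * 1000):
        weak_hash(password)
    weak_cost = (time.perf_counter() - start) / (trials * 1000)
    return strong_cost / max(weak_cost, 1e-9)


if __name__ == "__main__":
    stored = strong_hash("correct horse battery")
    print(stored)
    print("correct password verifies:", verify_strong("correct horse battery", stored))
    print("wrong password verifies:  ", verify_strong("wrong", stored))
    print(f"one scrypt guess costs roughly {cost_ratio():,.0f}x one SHA-256 guess")
```

The ratio printed at the end is the whole point of the CVE: a fast digest lets an attacker who has obtained the hash file try millions of guesses per second, while a memory-hard KDF with a per-user salt pushes each guess to milliseconds and defeats precomputed tables.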
CVE-2022-30306 CVSS:6.6
Fortinet FortiWeb is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the CA sign functionality. By using a specially-crafted password, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2022-40683 CVSS:7.8
Fortinet FortiWeb could allow a local authenticated attacker to execute arbitrary code on the system, caused by a double free flaw. By sending a specially-crafted command to the CLI, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
- Buffer Overflow
- Command Execution
- Unauthorized Access
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2022-27482
- CVE-2023-22638
- CVE-2022-27489
- CVE-2022-38378
- CVE-2022-39948
- CVE-2022-41334
- CVE-2022-29054
- CVE-2022-22302
- CVE-2022-41335
- CVE-2022-43954
- CVE-2022-26115
- CVE-2022-30306
- CVE-2022-40683
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiADC 5.0
- Fortinet FortiADC 5.1
- Fortinet FortiADC 5.2
- Fortinet FortiADC 5.3
- Fortinet FortiADC 5.4
- Fortinet FortiADC 6.0
- Fortinet FortiADC 6.1
- Fortinet FortiADC 7.0.2
- Fortinet FortiADC 7.0.0
- Fortinet FortiADC 6.2.0
- Fortinet FortiNAC 9.4.0
- Fortinet FortiNAC 8.8
- Fortinet FortiNAC 8.7
- Fortinet FortiNAC 8.6
- Fortinet FortiNAC 9.4.1
- Fortinet FortiNAC 9.2
- Fortinet FortiNAC 9.1
- Fortinet FortiExtender 3.0
- Fortinet FortiExtender 3.1
- Fortinet FortiExtender 3.2.1
- Fortinet FortiExtender 3.2.3
- Fortinet FortiExtender 3.3.0
- Fortinet FortiExtender 3.3.2
- Fortinet FortiExtender 4.0.0
- Fortinet FortiExtender 4.0.2
- Fortinet FortiExtender 4.1.1
- Fortinet FortiExtender 4.1.8
- Fortinet FortiExtender 4.2.0
- Fortinet FortiExtender 4.2.4
- Fortinet FortiExtender 5.3
- Fortinet FortiExtender 7.0.0
- Fortinet FortiExtender 7.0.3
- Fortinet FortiOS 6.2.8
- Fortinet FortiOS 6.4.8
- Fortinet FortiOS 6.4.9
- Fortinet FortiOS 7.0.4
- Fortinet FortiOS 7.0.6
- Fortinet FortiOS 7.0.7
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 7.2.3
- Fortinet FortiOS 6.0.0
- Fortinet FortiOS 6.2.0
- Fortinet FortiOS 6.4.0
- Fortinet FortiOS 6.0.13
- Fortinet FortiOS 6.2.9
- Fortinet FortiOS 6.2
- Fortinet FortiOS 6.4.1
- Fortinet FortiOS 7.0.0
- Fortinet FortiOS 7.0.8
- Fortinet FortiOS 7.2.2
- Fortinet FortiOS 6.4.10
- Fortinet FortiOS 6.2.12
- Fortinet FortiProxy 1.2
- Fortinet FortiProxy 7.0.0
- Fortinet FortiProxy 7.0.1
- Fortinet FortiProxy 2.0.0
- Fortinet FortiProxy 2.0.10
- Fortinet FortiProxy 1.1
- Fortinet FortiProxy 1.0
- Fortinet FortiProxy 2.0.7
- Fortinet FortiProxy 7.0.7
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.2.1
- Fortinet FortiAuthenticator 6.0.0
- Fortinet FortiAuthenticator 5.5.0
- Fortinet FortiAuthenticator 6.0.4
- Fortinet FortiAuthenticator 6.1.0
- Fortinet FortiSwitchManager 7.0.0
- Fortinet FortiPortal 7.0.0
- Fortinet FortiPortal 7.0.2
- Fortinet FortiSandbox 3.2.0
- Fortinet FortiSandbox 3.2.3
- Fortinet FortiSandbox 4.0.0
- Fortinet FortiSandbox 4.0.2
- Fortinet FortiWeb 6.3.11
- Fortinet FortiWeb 6.3.16
- Fortinet FortiWeb 6.3.6
- Fortinet FortiWeb 6.4.2
- Fortinet FortiWeb 7.0.0
- Fortinet FortiWeb 7.0.3
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.