Fortinet Releases June 2023 Vulnerability Advisories - 20230613002

Overview

Fortinet has released its June 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

What is the vulnerability?

• CVE-2023-29179 - FortiOS - Null pointer dereference in sslvpnd proxy endpoint
• CVE-2023-29181 - FortiOS - Format String Bug in Fclicense daemon
• CVE-2023-29180 - FortiOS - Null pointer dereference in sslvnd
• CVE-2023-27997 - FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
• CVE-2022-43949 - FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
• CVE-2022-42478 - FortiSIEM - Bruteforce of Exposed Endpoints
• CVE-2022-41327 - FortiOS/FortiProxy - Read Only administrator can intercept sensitive data
• CVE-2022-42474 - FortiOS, FortiProxy & FortiSwitchManager - Path traversal vulnerability in administrative - interface
• CVE-2023-26210 - FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands
• CVE-2023-29178 - FortiOS & FortiProxy - Access of uninitialized pointer in administrative interface API
• CVE-2022-43953 - FortiOS & FortiProxy - Format String Bug in fortiguard-resources CLI command
• CVE-2023-22639 - FortiOS & FortiProxy - Out-of-bound write in CLI
• CVE-2023-33305 - FortiOS, FortiProxy & Fortiweb - DoS in firmware upgrade function
• CVE-2023-25609 - FortiManager & FortiAnalyzer - SSRF in FortiGuard Outbreak feature
• CVE-2023-26204 - FortiSIEM - Plaintext credentials storage in DB
• CVE-2023-28000 - FortiADC - Command injection in diagnose system df CLI command
• CVE-2023-29175 - FortiOS & FortiProxy - Lack of certificate verification when establishing secure - connections with FortiGuard's map server
• CVE-2022-33877 - FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder
• CVE-2023-26207 - FortiOS & FortiProxy - SMTP password ciphertext exposure in Log
• CVE-2023-22633 - FortiNAC - SSL Renegotation leading to DoS
• CVE-2022-39946 - FortiNAC - Improper access control on administrative panels

What is vulnerable?

The vulnerability affects the following products:

• FortiOS - Null pointer dereference in sslvpnd proxy endpoint
• FortiOS - Format String Bug in Fclicense daemon
• FortiOS - FortiOS - Null pointer dereference in sslvnd
• FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
• FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
• FortiSIEM - Bruteforce of Exposed Endpoints
• FortiOS/FortiProxy - Read Only administrator can intercept sensitive data
• FortiOS, FortiProxy & FortiSwitchManager - Path traversal vulnerability in administrative - interface
• FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands
• FortiOS & FortiProxy - Access of uninitialized pointer in administrative interface API
• FortiOS & FortiProxy - Format String Bug in fortiguard-resources CLI command
• FortiOS & FortiProxy - Out-of-bound write in CLI
• FortiOS, FortiProxy & Fortiweb - DoS in firmware upgrade function
• FortiManager & FortiAnalyzer - SSRF in FortiGuard Outbreak feature
• FortiSIEM - Plaintext credentials storage in DB
• FortiADC - Command injection in diagnose system df CLI command
• FortiOS & FortiProxy - Lack of certificate verification when establishing secure - connections with FortiGuard's map server
• FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder
• FortiOS & FortiProxy - SMTP password ciphertext exposure in Log
• FortiNAC - SSL Renegotation leading to DoS
• FortiNAC - Improper access control on administrative panels

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices:

• FortiOS - Null pointer dereference in sslvpnd proxy endpoint
• FortiOS - Format String Bug in Fclicense daemon
• FortiOS - FortiOS - Null pointer dereference in sslvnd
• FortiOS & FortiProxy - Heap buffer overflow in sslvpn pre-authentication
• FortiSIEM - Use of a Broken or Risky Cryptographic Algorithm
• FortiSIEM - Bruteforce of Exposed Endpoints
• FortiOS/FortiProxy - Read Only administrator can intercept sensitive data
• FortiOS, FortiProxy & FortiSwitchManager - Path traversal vulnerability in administrative - interface
• FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands
• FortiOS & FortiProxy - Access of uninitialized pointer in administrative interface API
• FortiOS & FortiProxy - Format String Bug in fortiguard-resources CLI command
• FortiOS & FortiProxy - Out-of-bound write in CLI
• FortiOS, FortiProxy & Fortiweb - DoS in firmware upgrade function
• FortiManager & FortiAnalyzer - SSRF in FortiGuard Outbreak feature
• FortiSIEM - Plaintext credentials storage in DB
• FortiADC - Command injection in diagnose system df CLI command
• FortiOS & FortiProxy - Lack of certificate verification when establishing secure - connections with FortiGuard's map server
• FortiClient (Windows) / FortiConverter (Windows) - Insecure Installation Folder
• FortiOS & FortiProxy - SMTP password ciphertext exposure in Log
• FortiNAC - SSL Renegotation leading to DoS
• FortiNAC - Improper access control on administrative panels

Additional References

• June 2023 Vulnerability Advisories | FortiGuard