This post will explain security bypass vulnerabilities in fortinet products. Multiple Fortinet Networks devices have been found to be affected by four medium-severity security issues. The vulnerabilities tracked as CVE-2022-30307, CVE-2022-35842, CVE-2022-26122, and CVE-2022-38380 are medium-severity vulnerabilities with CVSS ratings of 3.8, 3.7, 4.3, and 4.2, respectively, on the CVSS scale.
According to the firm, these flaws enable remote attackers to compromise susceptible Fortinet products through man-in-the-middle attacks, information disclosure, and the acquisition of sensitive data.
It is crucial to understand how to patch the four new security bypass vulnerabilities in Fortinet products because this weakness enables an unauthenticated, remote attacker to exploit this problem and carry out actions on the administrative interface.
The most serious of these vulnerabilities, according to Fortigate, is CVE-2022-38380.
Security Bypass Vulnerabilities In Fortinet Products
This article, you can know about Security Bypass Vulnerabilities In Fortinet Products here are the details below;
An unauthenticated, remote attacker can bypass the AV engine by altering MIME attachments with trash and pad characters in base64, according to one report.
All four of the most recent security bypass flaws in Fortinet products are described in this blog article, along with the remediation procedures.
A short Intro about the forties, Fortimail, and fortiClient
A Short intro About the fortiOS
Fortinet’s series of security appliances are compatible with FortiOS, a security-focused operating system.
The FortiGate firewall, the FortiWeb web application firewall, and the FortiMail email gateway are some of these devices.
The OS has capabilities like intrusion detection and prevention, virtual private networking, and data leak protection and is built on a protected Linux kernel.
For use in cloud environments, FortiOS is also offered as a virtual appliance.
A Short Intro About the FortiMail
A security appliance called FortiMail offers email filtering and gateway features. Also check how to fix error code 0x80073cf6 in windows 10
It can be applied to safeguard an organization’s email system from spam, viruses, and other dangers.
Additionally, email regulations like content screening and data leak protection can be enforced using the appliance.
Administrators can set up and administer the appliance through the FortiMail’s web-based administration interface.
It is offered as a physical appliance as well as a virtual appliance.
A Short Intro About the FortiClient
A complete and reliable security solution for your company is offered by the enterprise-class endpoint security software suite known as FortiClient.
A firewall, antivirus software, browser filtering, application control, vulnerability scanning, and many more features are included.
The FortiClient provides enhanced threat prevention and is simple to deploy and manage.
There are cloud-based and on-premises versions of the FortiClient suite.
While the cloud-based version is hosted by Fortinet, the on-premises version is deployed on the servers owned by your business.
The features and advantages are the same in both versions.
Summary of the four New Security Bypass Vulnerabilities in fortinet Products:
Fortinet has announced warnings for four new security bypass vulnerabilities in Fortinet products that allow remote attackers to collect sensitive information, bypass security constraints, information discloser, and conduct man-in-the-middle attacks on the susceptible Fortinet products.
Let’s look at each of the four problems in brief order.
Summary of CVE-2022-30307 – RSA SSH host key lost at shutdown
The RSA SSH host key is vulnerable due to a key management mistake in Fortinet’s FortiO.
The issue enables a man-in-the-middle attack on the exposed products by an unauthenticated attacker.
FortiOS versions 6.4.9, 7.0.6, and 7.2.0 are impacted by the bug.
Summary of CVE-2022-35842 – Telnet on the SSL – VPN interface results in Information leak
Due to the disclosure of private data in FortiOS SSL-VPN, Fortinet FortiOS is vulnerable.
A remote attacker who successfully exploits this vulnerability may be able to learn more about LDAP and SAML on the targeted system.
Summary of CVE-2022-26122 – AV Engine evasion by Manipulating MIME Attachments
Due to poor data authenticity checking, Fortinet AV Engine has this vulnerability.
A remote attacker might take advantage of this flaw by adding base64 padding and trash characters to MIME attachments. Also check bluestacks snapchat not working
If this flaw is successfully exploited, an attacker may be able to get beyond the system’s security measures.
The vulnerability affects FortiOS versions 6.4.274 and below and AV engines 6.2.168 and below.
Versions of FortiMail’s AV engine 6.2.168 and 6.4.274 and lower are in use.
using a FortiClient with an antivirus engine version of 6.4.274 or lower.
Summary of CVE-2022-38380 – Read-Only users able to modify the Interface fields using the API
Because of poor access control, Fortinet FortiOS has this vulnerability.
This flaw might be used by a remote, authorised attacker who sent requests that were specially constructed for security.
By successfully exploiting this flaw, an attacker may be able to bypass the interface settings via the API and get around security measures on the targeted system.
FortiOS versions 7.2.0, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, and 7.0.0 are all affected.
Products by Fortinet
Fortinet Products Affected by the Four New Security Bypass Vulnerabilities:
These four vulnerabilities affect a wide range of products.
However, we covered a lot of this material in the section before about the vulnerability.
The four newly discovered security bypass vulnerabilities affect the following products.
- Version 7.2.0 of FortiOS
- Versions 7.0.0 through 7.0.7 of FortiOS
- Versions 6.4.0 through 6.4.9 of FortiOS
- Versions of FortiOS’s AV engine lower than 6.2.168
- Versions of FortiOS’s AV engine lower than 6.4.274
- Versions of FortiMail’s AV engine lower than 6.2.168
- Versions of FortiMail, FortiClient, and FortiClient running AV engines of 6.4.274 and lower, 6.2.168 and lower, and 6.4.274 and lower, respectively
How to Fix the New Security Bypass Vulnerabilities in fortinet products?
By making the patch available last week, Fortinet acknowledged the problem. Also check bluestacks snapchat not working
It is recommended for everyone using the vulnerable versions of FortiOS, FortiMail, and FortiClients to update their appliances to:
Versions of FortiOS 7.2.2 or later, 7.0.8 or later, and 6.4.10 or later.
Versions 6.2.169 or later and 6.4.275 or later of the AV engine are supported by FortiOS.
FortiMail running versions 6.4.7 or higher, 7.0.3 or higher, and 7.2.0 or higher of the antivirus engine
Operating versions 7.0.8 and later and 7.2.2 or later of the FortiClient’s antivirus engine
See the table in the preceding section.
To learn how to upgrade the FortiOS, FortiMail, and FortiClient, consult these community forums.
How to Upgrade FortiOS?
Download the upgrade image from https://support.fortinet.com, select the ‘File Upload’ button, and upload the image if you decide to upgrade manually.
See Upgrade Path Tool for the suggested upgrade path.
How Can FortiOS Be Upgraded?
1. Log in to the console as an administrator
The admin administrator user must be used to access the FortiGate GUI.
2. Go to Fabric Management to see the Version info
Then select Fabric Management under System.
The Firmware Version column includes a (Feature) or version number (Mature).
3. Open the Upgrade pane
Then click Upgrade after selecting the FortiGate. Opens the FortiGate Upgrade pane.
4. See the available upgrades
Click Upgrades All. It displays the available firmware versions.
5. Select the target firmware, and see the upgrade options
You can tell FortiOS to update to the chosen firmware version directly or follow the upgrade procedure (known as a federated upgrade).
The target firmware in this example is 7.2.0 build 1157(GA), and the upgrade path is set to Follow.
The device can be automatically upgraded to version 7.0.5 but not all the way to version 7.2.0, per the upgrade path.
6. Initiate the upgrade process
Click Confirm and Backup Config after selecting Follow upgrade path. Click Continue to start the upgrade after that. The FortiGate will backup its existing configurations, move to the management computer, upload the firmware image file, upgrade the firmware, and then reboot. The upgrade of the FrotiOS is now complete. The four new security bypass vulnerabilities in Fortinet products are addressed in this post, we hope, to help you.
Share this article and aid in protecting the internet. Visit sign up for updates like this, go to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, and Medium.