Fortinet Addresses Critical Vulnerability in Data Analytics Solution

April 12, 2023

Cybersecurity solutions provider Fortinet has announced the release of security updates for multiple products, including patches for a critical vulnerability in its FortiPresence data analytics solution. FortiPresence offers analytics, heat maps, and reporting, and is available as a hosted cloud service or as a virtual machine for private installations. The company revealed that a critical missing authentication vulnerability in the FortiPresence infrastructure server could be exploited to access Redis and MongoDB instances. The vulnerability, tracked as CVE-2022-41331 with a CVSS score of 9.3, can be exploited by a remote, unauthenticated attacker through crafted authentication requests. The security flaw affects FortiPresence versions 1.0, 1.1, and 1.2, and has been addressed with the release of FortiPresence version 2.0.0.

In its April 2023 vulnerability advisories published this week, Fortinet also announced patches for multiple high-severity flaws in products such as FortiOS, FortiProxy, FortiSandbox, FortiDeceptor, FortiWeb, FortiClient for Windows and macOS, FortiSOAR, FortiADC, FortiDDoS, FortiDDoS-F, FortiAnalyzer, and FortiManager. The addressed issues could lead to cross-site scripting (XSS) attacks, unauthorized API calls, command execution, arbitrary code execution, arbitrary file creation, privilege escalation, information disclosure, arbitrary file retrieval, and man-in-the-middle (MitM) attacks.

Moreover, Fortinet released an advisory detailing a vulnerability in the Linux kernel version used in FortiAuthenticator, FortiProxy, and FortiSIEM. This vulnerability could allow an attacker with low privileges to write to page cache and escalate privileges on the system. The flaw, tracked as CVE-2022-0847 and also known as Dirty Pipe, was introduced in Linux kernel version 5.8 and was addressed last year in Linux 5.16.11, 5.15.25, and 5.10.102.

Several medium- and low-severity vulnerabilities impacting FortiNAC, FortiOS, FortiProxy, FortiADC, FortiGate, and FortiAuthenticator were also addressed by the company. Customers are advised to update their installations as soon as possible. While Fortinet does not mention any of these vulnerabilities being exploited in attacks, unpatched Fortinet products have been known to be targeted in malicious attacks, including by nation-state threat actors. Additional information on the addressed vulnerabilities can be found on Fortinet’s PSIRT advisories page.

Latest News

• Microsoft Patches Windows Zero-Day Exploited in Ransomware Attacks
• 3CX Confirms North Korean Hackers Behind Supply Chain Attack
• CISA Directs Government Agencies to Update Apple Devices by May 1st
• Apple Releases Emergency Updates to Address Zero-Days Exploited in Attacks
• Critical Vulnerability in VM2 JavaScript Sandbox Library Exploitable