Fortinet Remote Code Execution Vulnerabilities (CVE-2022-39952 & CVE-2021-42756)

Two critical remote code execution vulnerabilities (CVE-2022-39952 and CVE-2021-42756) were recently identified in Fortinet products. An unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code.

Fortinet has released patches to remediate these vulnerabilities and strongly recommends that customers apply the update IMMEDIATELY.

 

Vulnerabilities

  • CVE-2022-39952
  • CVE-2021-42756

 

Severity Level

  • Critical

 

Affected Products

  • FortiNAC version 9.4.0,
    FortiNAC version 9.2.0 through 9.2.5,
    FortiNAC version 9.1.0 through 9.1.7,
    FortiNAC 8.8 all versions,
    FortiNAC 8.7 all versions,
    FortiNAC 8.6 all versions,
    FortiNAC 8.5 all versions,
    FortiNAC 8.3 all versions.
  • FortiWeb versions 5.x all versions,
    FortiWeb versions 6.0.7 and below,
    FortiWeb versions 6.1.2 and below,
    FortiWeb versions 6.2.6 and below,
    FortiWeb versions 6.3.16 and below,
    FortiWeb versions 6.4 all versions.

 

Remediation

 

Reference

 


Published on: 10 Mar 2023