1. 主页
  2. 保安警报
  3. 保安警报 (A23-02-17)

高危保安警报 (A23-02-17): Fortinet 产品多个漏洞


 

发布日期: 2023年 2月 17日

  
  

描述:

Fortinet 发布了安全公告,以应对 Fortinet 产品的多个漏洞。攻击者可以向受影响的系统传送特制的请求,从而攻击这些漏洞。

有报告指针对 Fortinet FortiNAC 的任意写入档案漏洞 (CVE-2022-39952) 的概念验证 (PoC) 程式码已被公开。系统管理员应立即为受影响的系统安装修补程式,以减低受到网络攻击的风险。

 

受影响的系统:

  • FortiADC
  • FortiAnalyzer
  • FortiAuthenticator
  • FortiExtender
  • FortiNAC
  • FortiOS
  • FortiPortal
  • FortiProxy
  • FortiSandbox
  • FortiSwitch
  • FortiSwitchManager
  • FortiWAN
  • FortiWeb

有关受影响产品的详细资料,请参阅供应商网站的相应保安建议中有关 “Affected Products” 的部分。

 

影响:

成功利用漏洞可以在受影响的系统上导致远端执行程式码、插入任意指令码、跨网址程式编程、数据操纵、泄漏资讯、权限提升或绕过保安限制,视乎攻击者利用哪个漏洞而定。

 

建议:

现已有适用于受影响系统的软件更新。受影响系统的管理员应遵从产品供应商的建议,立即採取行动以降低风险。

 

进一步资讯:

  • https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
  • https://www.fortiguard.com/psirt/FG-IR-20-014
  • https://www.fortiguard.com/psirt/FG-IR-20-220
  • https://www.fortiguard.com/psirt/FG-IR-21-126
  • https://www.fortiguard.com/psirt/FG-IR-21-186
  • https://www.fortiguard.com/psirt/FG-IR-21-214
  • https://www.fortiguard.com/psirt/FG-IR-21-234
  • https://www.fortiguard.com/psirt/FG-IR-22-046
  • https://www.fortiguard.com/psirt/FG-IR-22-048
  • https://www.fortiguard.com/psirt/FG-IR-22-080
  • https://www.fortiguard.com/psirt/FG-IR-22-111
  • https://www.fortiguard.com/psirt/FG-IR-22-118
  • https://www.fortiguard.com/psirt/FG-IR-22-131
  • https://www.fortiguard.com/psirt/FG-IR-22-133
  • https://www.fortiguard.com/psirt/FG-IR-22-136
  • https://www.fortiguard.com/psirt/FG-IR-22-142
  • https://www.fortiguard.com/psirt/FG-IR-22-146
  • https://www.fortiguard.com/psirt/FG-IR-22-151
  • https://www.fortiguard.com/psirt/FG-IR-22-157
  • https://www.fortiguard.com/psirt/FG-IR-22-163
  • https://www.fortiguard.com/psirt/FG-IR-22-164
  • https://www.fortiguard.com/psirt/FG-IR-22-166
  • https://www.fortiguard.com/psirt/FG-IR-22-167
  • https://www.fortiguard.com/psirt/FG-IR-22-187
  • https://www.fortiguard.com/psirt/FG-IR-22-224
  • https://www.fortiguard.com/psirt/FG-IR-22-251
  • https://www.fortiguard.com/psirt/FG-IR-22-257
  • https://www.fortiguard.com/psirt/FG-IR-22-260
  • https://www.fortiguard.com/psirt/FG-IR-22-265
  • https://www.fortiguard.com/psirt/FG-IR-22-273
  • https://www.fortiguard.com/psirt/FG-IR-22-280
  • https://www.fortiguard.com/psirt/FG-IR-22-300
  • https://www.fortiguard.com/psirt/FG-IR-22-304
  • https://www.fortiguard.com/psirt/FG-IR-22-312
  • https://www.fortiguard.com/psirt/FG-IR-22-329
  • https://www.fortiguard.com/psirt/FG-IR-22-346
  • https://www.fortiguard.com/psirt/FG-IR-22-348
  • https://www.fortiguard.com/psirt/FG-IR-22-362
  • https://www.fortiguard.com/psirt/FG-IR-22-391
  • https://www.fortiguard.com/psirt/FG-IR-22-430
  • https://www.fortiguard.com/psirt/FG-IR-22-460
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42756
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42761
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43074
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22302
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26115
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27482
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27489
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29054
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30299 (to CVE-2022-30300)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30303 (to CVE-2022-30304)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30306
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33869
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33871
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38375 (to CVE-2022-38376)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38378
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39948
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39952
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39954
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40675
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40677 (to CVE-2022-40678)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40683
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41334 (to CVE-2022-41335)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42472
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43954
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22636
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22638
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23777 (to CVE-2023-23784)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25602


标签 : Fortinet , FortiADC , FortiAnalyzer , FortiAuthenticator , FortiExtender , FortiNAC , FortiOS , FortiPortal , FortiProxy , FortiSandbox , FortiSwitch , FortiSwitchManager , FortiWAN , FortiWeb
标签