1. 主頁
  2. 保安警報
  3. 保安警報 (A23-04-07)

保安警報 (A23-04-07): Fortinet 產品多個漏洞


 

發布日期: 2023年 4月 12日

  
  

描述:

Fortinet 發布了安全公告,以應對 Fortinet 產品的多個漏洞。攻擊者可以向受影響的系統傳送特製的請求,從而攻擊這些漏洞。

 

受影響的系統:

  • FortiADC
  • FortiAnalyzer
  • FortiAuthenticator
  • FortiClient
  • FortiDDoS
  • FortiDeceptor
  • FortiGate
  • FortiManager
  • FortiNAC
  • FortiOS
  • FortiPresence
  • FortiProxy
  • FortiSandbox
  • FortiSIEM
  • FortiSOAR
  • FortiWeb

有關受影響產品的詳細資料,請參閱供應商網站的相應保安建議中有關 “Affected Products” 的部分。

 

影響:

成功利用漏洞可以在受影響的系統上導致遠端執行程式碼、插入任意指令碼、泄漏資訊、權限提升、繞過保安限制、仿冒詐騙或篡改,視乎攻擊者利用哪個漏洞而定。

 

建議:

現已有適用於受影響系統的軟件更新。受影響系統的管理員應遵從產品供應商的建議,立即採取行動以降低風險。

 

進一步資訊:

  • https://www.fortiguard.com/psirt/FG-IR-22-050
  • https://www.fortiguard.com/psirt/FG-IR-22-056
  • https://www.fortiguard.com/psirt/FG-IR-22-060
  • https://www.fortiguard.com/psirt/FG-IR-22-186
  • https://www.fortiguard.com/psirt/FG-IR-22-275
  • https://www.fortiguard.com/psirt/FG-IR-22-320
  • https://www.fortiguard.com/psirt/FG-IR-22-335
  • https://www.fortiguard.com/psirt/FG-IR-22-336
  • https://www.fortiguard.com/psirt/FG-IR-22-355
  • https://www.fortiguard.com/psirt/FG-IR-22-363
  • https://www.fortiguard.com/psirt/FG-IR-22-381
  • https://www.fortiguard.com/psirt/FG-IR-22-409
  • https://www.fortiguard.com/psirt/FG-IR-22-428
  • https://www.fortiguard.com/psirt/FG-IR-22-429
  • https://www.fortiguard.com/psirt/FG-IR-22-432
  • https://www.fortiguard.com/psirt/FG-IR-22-439
  • https://www.fortiguard.com/psirt/FG-IR-22-444
  • https://www.fortiguard.com/psirt/FG-IR-22-479
  • https://www.fortiguard.com/psirt/FG-IR-22-481
  • https://www.fortiguard.com/psirt/FG-IR-22-502
  • https://www.fortiguard.com/psirt/FG-IR-23-051
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27485
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27487
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35850
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40679
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40682
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41330 (to CVE-2022-41331)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42469 (to CVE-2022-42470)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42477
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43946 (to CVE-2022-43948)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43951 (to CVE-2022-43952)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43955
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22635
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22641 (to CVE-2023-22642)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27995


標籤 : Fortinet , FortiADC , FortiAnalyzer , FortiAuthenticator , FortiClient , FortiDDoS , FortiDeceptor , FortiGate , FortiManager , FortiNAC , FortiOS , FortiPresence , FortiProxy , FortiSandbox , FortiSIEM , FortiSOAR , FortiWeb
標籤