1. 主頁
  2. 保安警報
  3. 保安警報 (A23-02-17)

高危保安警報 (A23-02-17): Fortinet 產品多個漏洞


 

發布日期: 2023年 2月 17日

  
  

描述:

Fortinet 發布了安全公告,以應對 Fortinet 產品的多個漏洞。攻擊者可以向受影響的系統傳送特製的請求,從而攻擊這些漏洞。

有報告指針對 Fortinet FortiNAC 的任意寫入檔案漏洞 (CVE-2022-39952) 的概念驗證 (PoC) 程式碼已被公開。系統管理員應立即為受影響的系統安裝修補程式,以減低受到網絡攻擊的風險。

 

受影響的系統:

  • FortiADC
  • FortiAnalyzer
  • FortiAuthenticator
  • FortiExtender
  • FortiNAC
  • FortiOS
  • FortiPortal
  • FortiProxy
  • FortiSandbox
  • FortiSwitch
  • FortiSwitchManager
  • FortiWAN
  • FortiWeb

有關受影響產品的詳細資料,請參閱供應商網站的相應保安建議中有關 “Affected Products” 的部分。

 

影響:

成功利用漏洞可以在受影響的系統上導致遠端執行程式碼、插入任意指令碼、跨網址程式編程、數據操縱、泄漏資訊、權限提升或繞過保安限制,視乎攻擊者利用哪個漏洞而定。

 

建議:

現已有適用於受影響系統的軟件更新。受影響系統的管理員應遵從產品供應商的建議,立即採取行動以降低風險。

 

進一步資訊:

  • https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
  • https://www.fortiguard.com/psirt/FG-IR-20-014
  • https://www.fortiguard.com/psirt/FG-IR-20-220
  • https://www.fortiguard.com/psirt/FG-IR-21-126
  • https://www.fortiguard.com/psirt/FG-IR-21-186
  • https://www.fortiguard.com/psirt/FG-IR-21-214
  • https://www.fortiguard.com/psirt/FG-IR-21-234
  • https://www.fortiguard.com/psirt/FG-IR-22-046
  • https://www.fortiguard.com/psirt/FG-IR-22-048
  • https://www.fortiguard.com/psirt/FG-IR-22-080
  • https://www.fortiguard.com/psirt/FG-IR-22-111
  • https://www.fortiguard.com/psirt/FG-IR-22-118
  • https://www.fortiguard.com/psirt/FG-IR-22-131
  • https://www.fortiguard.com/psirt/FG-IR-22-133
  • https://www.fortiguard.com/psirt/FG-IR-22-136
  • https://www.fortiguard.com/psirt/FG-IR-22-142
  • https://www.fortiguard.com/psirt/FG-IR-22-146
  • https://www.fortiguard.com/psirt/FG-IR-22-151
  • https://www.fortiguard.com/psirt/FG-IR-22-157
  • https://www.fortiguard.com/psirt/FG-IR-22-163
  • https://www.fortiguard.com/psirt/FG-IR-22-164
  • https://www.fortiguard.com/psirt/FG-IR-22-166
  • https://www.fortiguard.com/psirt/FG-IR-22-167
  • https://www.fortiguard.com/psirt/FG-IR-22-187
  • https://www.fortiguard.com/psirt/FG-IR-22-224
  • https://www.fortiguard.com/psirt/FG-IR-22-251
  • https://www.fortiguard.com/psirt/FG-IR-22-257
  • https://www.fortiguard.com/psirt/FG-IR-22-260
  • https://www.fortiguard.com/psirt/FG-IR-22-265
  • https://www.fortiguard.com/psirt/FG-IR-22-273
  • https://www.fortiguard.com/psirt/FG-IR-22-280
  • https://www.fortiguard.com/psirt/FG-IR-22-300
  • https://www.fortiguard.com/psirt/FG-IR-22-304
  • https://www.fortiguard.com/psirt/FG-IR-22-312
  • https://www.fortiguard.com/psirt/FG-IR-22-329
  • https://www.fortiguard.com/psirt/FG-IR-22-346
  • https://www.fortiguard.com/psirt/FG-IR-22-348
  • https://www.fortiguard.com/psirt/FG-IR-22-362
  • https://www.fortiguard.com/psirt/FG-IR-22-391
  • https://www.fortiguard.com/psirt/FG-IR-22-430
  • https://www.fortiguard.com/psirt/FG-IR-22-460
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42756
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42761
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43074
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22302
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26115
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27482
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27489
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29054
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30299 (to CVE-2022-30300)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30303 (to CVE-2022-30304)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30306
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33869
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33871
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38375 (to CVE-2022-38376)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38378
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39948
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39952
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39954
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40675
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40677 (to CVE-2022-40678)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40683
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41334 (to CVE-2022-41335)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42472
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43954
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22636
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22638
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23777 (to CVE-2023-23784)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25602


標籤 : Fortinet , FortiADC , FortiAnalyzer , FortiAuthenticator , FortiExtender , FortiNAC , FortiOS , FortiPortal , FortiProxy , FortiSandbox , FortiSwitch , FortiSwitchManager , FortiWAN , FortiWeb
標籤