Cybersecurity solution provider Fortinet has addressed 16 vulnerabilities in its daily security rounds. These vulnerabilities were found in the company’s products, and six of them were classified as having a ‘high’ severity rate.
Fortinet creates and markets cybersecurity products like hardware firewalls, antivirus programs, intrusion detection systems, and endpoint security components. Fortinet has issued patches for all 16 vulnerabilities, of which some high-severity issues persist in the XSS, which is tracked as CVE-2022-38374.
Major vulnerabilities in Fortinet services
A persistent XSS in FortiADC’s Log pages, listed as CVE-2022-38374, is one of the high-severity problems reported by the security company. The researchers claim that the neutralization of input during the creation of website pages vulnerability [CWE-79] in FortiADC is the core issue behind the vulnerability.
HTTP fields including important data like the traffic and even log views are visible in the traffic, allowing an unauthenticated hacker to control the access and launch an XSS attack. Moreover, another vulnerability discovered by the company is through the command injection in the CLI command, tracked as CVE-2022-33870, of FortiTester.
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands,” the advisory states.
Another vulnerability, CVE-2022-26119, affects FortiSIEM, a machine-learning system that can identify unauthorized users and entity behavior (UEBA) without the administrator having to create elaborate rules. A hardcoded password allows a local attacker with command-line access to use the flaw to do actions directly on the Glassfish server.
Previous patch
Fortinet acknowledged in October that the significant authentication bypass vulnerability, designated CVE-2022-40684, is actively used in the wild. The vulnerability allows an attacker to log into exposed devices, and it also affects FortiGate firewalls and FortiProxy web proxies.
The Fortinet vulnerability became public on Oct. 7 when the network security vendor sent an alert to customers warning of the flaw.